[tac_plus] PAM authentication
Chetan_Jain at Monitor.com
Chetan_Jain at Monitor.com
Tue Jun 26 15:58:16 UTC 2007
Hi,
I am trying to authenticate sshd service on a linux system through
tacacs+....
Tacacs+ server IP : 10.1.100.114
Network Client : 10.115.111.215
I am starting tacacs+ using tac_plus -d 8 -C
/opt/WiKID/private/tacacs.conf
# This file is dynamically written by the WiKID server
# manual changes to this file will be overwritten almost immediately
key = "cooler"
accounting file = /opt/WiKID/log/tacacs.accounting.log
user = chetan {
default service = permit
chap = cleartext "605992"
pap = cleartext "605992"
arap = cleartext "605992"
login = des chRQBOhi.agrM
}
On the Network Client side....
/etc/pam.d/tacacs :
#%PAM-1.0
auth sufficient /lib/security/pam_tacplus.so debug \
server=10.1.100.114 secret=cooler encrypt
account sufficient /lib/security/pam_tacplus.so debug \
server=10.1.100.114 secret=cooler encrypt service=shell protocol=ssh
session sufficient /lib/security/pam_tacplus.so debug \
server=10.1.100.114 secret=cooler encrypt service=shell protocol=ssh
/etc/pam.d/sshd :
#%PAM-1.0
auth sufficient pam_stack.so service=tacacs
#auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_stack.so service=tacacs
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session sufficient pam_stack.so service=tacacs
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
Tacacs+ is not authenticating the credentials....
/var/log/messages on Tacacs+ Server shows :
Jun 26 11:48:15 netmgr tac_plus[28248]: Version F4.0.4.10 Initialized 1
Jun 26 11:48:30 netmgr tac_plus[28258]: connect from 10.115.111.215
[10.115.111.215]
Jun 26 11:48:30 netmgr tac_plus[28258]: pap-login query for 'chetan' ssh
from 10.115.111.215 rejected
Can you help me what could be the issue......
Thanks and Regards,
Chetan Jain
Network Team - IR,
Monitor Group,
131 Free Press House,
Nariman Point, Mumbai.
India
-----------------------------------
This message contains information that may be confidential and proprietary. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message immediately. Thank you very much.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20070626/b6525a1d/attachment.html
More information about the tac_plus
mailing list