[tac_plus] PAM authentication
Chetan_Jain at Monitor.com
Tue Jun 26 16:11:01 UTC 2007
Hi,
I am trying to authenticate the sshd service on a Linux system through
tacacs+.

Tacacs+ server IP : 10.1.100.114
Network Client : 10.115.111.215

I am starting tacacs+ using:

tac_plus -d 8 -C /opt/WiKID/private/tacacs.conf

# This file is dynamically written by the WiKID server
# manual changes to this file will be overwritten almost immediately
key = "cooler"
accounting file = /opt/WiKID/log/tacacs.accounting.log
user = chetan {
    default service = permit
    chap = cleartext "605992"
    pap = cleartext "605992"
    arap = cleartext "605992"
    login = des chRQBOhi.agrM
}

On the Network Client side....
/etc/pam.d/tacacs :
#%PAM-1.0
auth sufficient /lib/security/pam_tacplus.so debug \
    server=10.1.100.114 secret=cooler encrypt
account sufficient /lib/security/pam_tacplus.so debug \
    server=10.1.100.114 secret=cooler encrypt service=shell protocol=ssh
session sufficient /lib/security/pam_tacplus.so debug \
    server=10.1.100.114 secret=cooler encrypt service=shell protocol=ssh

/etc/pam.d/sshd :
#%PAM-1.0
auth sufficient pam_stack.so service=tacacs
#auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_stack.so service=tacacs
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session sufficient pam_stack.so service=tacacs
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so

Tacacs+ is not authenticating the credentials.

/var/log/messages on the Tacacs+ server shows:

Jun 26 11:48:15 netmgr tac_plus[28248]: Version F4.0.4.10 Initialized 1
Jun 26 11:48:30 netmgr tac_plus[28258]: connect from 10.115.111.215 [10.115.111.215]
Jun 26 11:48:30 netmgr tac_plus[28258]: pap-login query for 'chetan' ssh from 10.115.111.215 rejected

Can you help me find what the issue could be?

Thanks and Regards,
Chetan Jain
Network Team - IR,
Monitor Group,
131 Free Press House,
Nariman Point, Mumbai.
India