[tac_plus] Re: ACE authentication
John Payne
john at sackheads.org
Thu Oct 16 20:54:42 UTC 2008
On Oct 16, 2008, at 4:11 PM, jathan. wrote:
> Try adding the keyword 'optional' before the conditional
> shell:Admin. Example:
>
> service = exec {
> optional shell:Admin = "Admin default-domain"
> }
Yep... Mr Heasley mentioned this last night, I didn't realise it
didn't go to the list :)
Thanks!
>
>
> This tells the NAS to ignore this or override it if it doesn't
> understand it. Not sure if that will work in this case, but I've
> used that in the past to enable special-case support for Procket
> hardware.
>
> On Wed, Oct 15, 2008 at 9:02 PM, John Payne <john at sackheads.org>
> wrote:
>
>
> On Oct 15, 2008, at 7:12 PM, John Payne <john at sackheads.org> wrote:
>
> >
> > On Oct 14, 2008, at 6:25 PM, John Payne wrote:
> >
> >> Has anyone had luck translating:
> >>
> >> 4. Under the TACACS+ Settings section of the page, configure the
> >> following
> >> settings:
> >> – Click the Shell (exec) check box.
> >> – Click the Custom attributes check box.
> >> – In the text box below Custom attributes, enter the user role and
> >> associated
> >> domain for a specific context in the following format:
> >> shell:<contextname>=<role> <domain1> <domain2>...<domainN>
> >> For example, to assign the selected user to the C1 context with the
> >> role
> >> ROLE1 and the domain DOMAIN1, enter shell:C1=ROLE1 DOMAIN1.
> >>
> >>
> >> Into tac_plus format? I'm trying various combinations under
> >> service=shell, but I'm getting stuck with the Network-Monitor role,
> >> not the Admin role.
> >
> > Answering my own question:
> >
> > service = exec {
> > shell:Admin = "Admin default-domain"
> > }
> >
> > (shell:context = "role domain")
>
> Argh... Except that broke authentication for IOS devices....
>
> Help?
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
>
>
>
> --
> Jathan.
> -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20081016/a3ab065f/attachment.html
More information about the tac_plus
mailing list