[tac_plus] Re: tac_plus config

Schmidt, Daniel dan.schmidt at uplinkdata.com
Tue Aug 4 19:21:09 UTC 2009


Why would you want to do such a thing?  The enable password should be
linked to the account, with enable = cleartext 'badmatt' or enable =
file /etc/passwd.  He should have the same enable password, but
different levels of access.  You should be able to do this in the
tac_plus config, but if you really want to get granular, you can use an
after authentication script like mine on tacacs.org.  

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Tom Murch
Sent: Tuesday, August 04, 2009 6:22 AM
To: john heasley
Cc: tac_plus at shrubbery.net
Subject: [tac_plus] Re: tac_plus config

Great, that worked, so the only other thing I do not understand is how to
let tom enable on all routers and switches when there are 5 different
enable passwords between all the equipment?

On Mon, Aug 3, 2009 at 11:46 AM, john heasley <heas at shrubbery.net> wrote:

> Mon, Aug 03, 2009 at 10:55:32AM -0400, Tom Murch:
> > Hello
> >
> > so I am trying to get this up and running correctly but I am not sure on a
> > few things. What I am trying to accomplish is as follows:
> >
> > user tom would have access to switches 1-5 and routers 1-10. Tom will also
> > be able to enable on all these switches and routers. The enable password is
> > different on some routers how do I define that?
> >
> > user matt would have access to switches 1-5 and routers 1-10 but only able
> > to enable on switches 1-5 and routers 1-4.
>
> user = tom { }
> acl = badmatt {
>        deny = 192\.168\.0\.1     # disallow enable on this tacacs client
>        permit = .*
> }
> user = matt { enableacl = badmatt }
>
> > Any help would be greatly appreciated as I am a tad confused on how to do
> > this or if it is even possible.
> >
> > Thanks in advance
> >
> > Tom
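An added example, not part of the thread or of tac_plus itself: a small Python model of how an ACL like `badmatt` decides per client address, comparing the deny entry as posted with an anchored one. It assumes ordered first-match evaluation, unanchored regex search and an implicit deny when nothing matches; the device names and addresses are constructed.

```python
import re

# Assumptions (a model, not tac_plus source code): entries are tried in order,
# the first regex that matches the client (NAS) address decides, matching is an
# unanchored search, and an address that matches no entry is denied.
def acl_decision(acl, client_ip):
    for action, pattern in acl:
        if re.search(pattern, client_ip):
            return action
    return "deny"

# The badmatt ACL as posted in the thread.
BADMATT_POSTED = [("deny", r"192\.168\.0\.1"), ("permit", r".*")]
# Same ACL with the deny entry anchored to the whole address.
BADMATT_ANCHORED = [("deny", r"^192\.168\.0\.1$"), ("permit", r".*")]

# Constructed inventory: only router5 is meant to refuse enable for matt.
CLIENTS = {
    "router5": "192.168.0.1",
    "router1": "192.168.0.10",
    "switch1": "192.168.0.100",
    "router2": "192.168.0.2",
    "switch2": "192.168.1.1",
}
INTENDED_DENY = {"router5"}

def unintended_denies(acl, clients=CLIENTS, intended=INTENDED_DENY):
    """Names of clients the ACL denies although they were meant to be allowed."""
    return sorted(name for name, ip in clients.items()
                  if acl_decision(acl, ip) == "deny" and name not in intended)

if __name__ == "__main__":
    for label, acl in (("posted", BADMATT_POSTED), ("anchored", BADMATT_ANCHORED)):
        print(label)
        for name, ip in sorted(CLIENTS.items()):
            print(f"  {name:8} {ip:15} {acl_decision(acl, ip)}")
        print("  unintended denies:", unintended_denies(acl))
```

Running the same table over a real device inventory before deploying an `enableacl` shows which clients a pattern covers beyond the one it was written for.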