[tac_plus] Re: tac_plus config

Tom Murch tmurch at toniccomputers.com
Fri Aug 21 17:24:19 UTC 2009


You're correct, so what did I do wrong, or how do I fix this?



user = tom {
         login = cleartext tom
         enable = cleartext tom12
}

user = matt {
       enableacl = badmatt
       login = cleartext matt
       enable = cleartext matt12
}

acl = badmatt {
       deny = 192\.168\.0\.1     # disallow enable on this tacacs client
       permit = .*
}


On Fri, Aug 21, 2009 at 12:58 PM, john heasley <heas at shrubbery.net> wrote:

> Fri, Aug 21, 2009 at 12:55:22PM -0400, Tom Murch:
> > so it works great except the enable password is not working on a per-user
> > basis. Is there something I need to change to make that work?
>
> put it in the user {} area.  if that is not working, you will have to run
> with debugging and I suspect you'll find that the device isn't passing the
> username with the enable authorization request but rather $enable$.
>
> > On Fri, Aug 21, 2009 at 12:52 PM, Tom Murch <tmurch at toniccomputers.com> wrote:
> >
> > > yeah, that's a mistype on my part. Let me go try this out.
> > >
> > > On Fri, Aug 21, 2009 at 12:09 PM, john heasley <heas at shrubbery.net> wrote:
> > >
> > >> Fri, Aug 21, 2009 at 11:29:14AM -0400, Tom Murch:
> > >> > ok so here is what I have
> > >> >
> > >> > user tom {
> > >> >          login = cleartext 'tom'
> > >> >          enable = cleartext 'tom12'
> > >> > }
> > >> >
> > >> > acl = badmatt {
> > >> >        login = cleartext 'matt'
> > >> >        enable = cleartext 'matt12'
> > >> >        deny 192\.168\.0\.1     # disallow enable on this tacacs client
> > >> >        permit .*
> > >> > }
> > >> > user matt { enableacl = badmatt }
> > >> >
> > >> > Will this work so that Tom and Matt can both enable on all things except the
> > >> > 192.168.0.1 that Matt is acl from?
> > >>
> > >> yes, but login and enable are not valid in acl {}.
> > >>
> > >
> > >
>
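
Added example, not part of the original thread or of the tac_plus project: a small Python check for the mistake pointed out in the first reply, login and enable lines placed inside an acl {} block. It assumes the `acl = name {` form with the closing brace at the end of a line; the function name is hypothetical and the sample config is constructed from the draft quoted in the thread.

```python
import re

# Constructed sample, based on the first draft quoted in the thread:
# login/enable were written inside the acl block instead of the user block.
SAMPLE = r"""
user = tom {
    login = cleartext tom
    enable = cleartext tom12
}
acl = badmatt {
    login = cleartext matt
    enable = cleartext matt12
    deny = 192\.168\.0\.1     # disallow enable on this tacacs client
    permit = .*
}
user = matt { enableacl = badmatt }
"""

ACL_OPEN = re.compile(r"^\s*acl\s*=\s*(\S+)\s*\{(.*)$")
AUTH_LINE = re.compile(r"^\s*(login|enable)\s*=")


def misplaced_auth_in_acl(text):
    """Return (line_no, acl_name, directive) for login/enable lines in acl {}."""
    findings = []
    acl = None  # name of the acl block currently open, if any
    for no, raw in enumerate(text.splitlines(), 1):
        body = re.sub(r"(^|\s)#.*$", "", raw)  # drop trailing comments
        if acl is None:
            m = ACL_OPEN.match(body)
            if not m:
                continue  # outside any acl block: nothing to check
            acl, body = m.group(1), m.group(2)  # rest of the opening line
        m = AUTH_LINE.match(body)
        if m:
            findings.append((no, acl, m.group(1)))
        if body.rstrip().endswith("}"):
            acl = None  # assumption: the closing brace ends its line
    return findings


if __name__ == "__main__":
    for no, acl, directive in misplaced_auth_in_acl(SAMPLE):
        print(f"line {no}: '{directive}' is not valid in acl {acl}; "
              "move it to the user block")
```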