[tac_plus] Re: tac_plus with NX-OS
Paul Vdovets
pvdovets at gmail.com
Wed Jul 15 13:48:49 UTC 2009
it looks like the nexus seems to require either pap or mschap
mschap is a no go since based on config.c cleartext is the only supported
config and i'm not looking forward to having my password lying around that
way..
i got it working by adding
pap = des <Filtered Crypt Password>
is there anyway to get either or the two option above working with PAM /
LDAP
below is the entire config used to get tacacs enabled
feature tacacs+
tacacs+ enable
tacacs-server key 7 "*********"
tacacs-server host 10.88.4.52 key 7 "*********" timeout 5
tacacs-server host 10.88.4.52 test username test password test
aaa group server tacacs+ conaaa
server 10.88.4.52
use-vrf default #needed since i am not
using the mgmt port on the switch
aaa authentication login default group conaaa local
aaa authentication login console group conaaa local
aaa accounting default group conaaa local
no aaa authentication login error-enable
no aaa authentication login mschap enable
no radius-server directed-request
tacacs-server directed-request
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20090715/15f4ce43/attachment.html
More information about the tac_plus
mailing list