[tac_plus] Re: tac_plus with NX-OS
john heasley
heas at shrubbery.net
Wed Jul 15 22:40:05 UTC 2009
Wed, Jul 15, 2009 at 09:48:49AM -0400, Paul Vdovets:
> it looks like the nexus seems to require either pap or mschap
>
> mschap is a no go since based on config.c cleartext is the only supported
> config and i'm not looking forward to having my password lying around that
> way..
>
> i got it working by adding
> pap = des <Filtered Crypt Password>
>
> is there anyway to get either or the two option above working with PAM /
> LDAP
ldap is only offered via pam.
i think pam for pap would be possible, but it'l have to be coded.
>
> below is the entire config used to get tacacs enabled
>
> feature tacacs+
> tacacs+ enable
>
> tacacs-server key 7 "*********"
> tacacs-server host 10.88.4.52 key 7 "*********" timeout 5
> tacacs-server host 10.88.4.52 test username test password test
> aaa group server tacacs+ conaaa
> server 10.88.4.52
> use-vrf default #needed since i am not
> using the mgmt port on the switch
> aaa authentication login default group conaaa local
> aaa authentication login console group conaaa local
> aaa accounting default group conaaa local
> no aaa authentication login error-enable
> no aaa authentication login mschap enable
> no radius-server directed-request
> tacacs-server directed-request
More information about the tac_plus
mailing list