[tac_plus] Re: firewall 0.0.0.0??

john heasley heas at shrubbery.net
Tue Jun 9 16:55:04 UTC 2009


Tue, Jun 09, 2009 at 09:58:50AM -0600, Schmidt, Daniel:
> Hum... Anybody ever noticed that, when you try to enable on a PIX, your
> source ip is given as 0.0.0.0?  As of yet, I am unsure whether to blame
> tac_plus or the pix. 
> 
> 2009-06-09 09:26:06: User 'homer' not allowed from source '0.0.0.0' in
> 'BN'->'host_allow'
> 2009-06-09 09:26:09: User 'homer' not allowed from source '0.0.0.0' in
> 'BN'->'host_allow'

I'd lean toward your script.  tacacs gets the IP from the TCP socket.

> If I allow 0.0.0.0 as a source and look at the tac_pairs I get:  
> 
> service=shell
> cmd*
> priv-lvl=15
> idletime=10
> 2009-06-09 09:36:33: User 'homer' granted access to device
> '192.168.168.168' in group 'BN' from '172.16.25.17'
> service=shell
> cmd=enable
> 2009-06-09 09:37:00: User 'homer' allowed command 'enable' to device
> '192.168.168.168' in 'BN'->'command_permit'
> service=shell
> cmd=enable
> 2009-06-09 09:37:00: User 'homer' allowed command 'enable' to device
> '192.168.168.168' in 'BN'->'command_permit'
> service=shell
> cmd*
> priv-lvl=15
> idletime=10
> 2009-06-09 09:37:02: User 'homer' granted access to device
> '192.168.168.168' in group 'BN' from '172.16.25.17'
> 
> (Notice also, the firewall doesn't give a cmd-arg=<cr> at the end.  Odd.)
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
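Worked example, added here and not part of the thread, tac_plus or the poster's authorization script: a parser for the attribute-value pairs quoted above (tac_plus hands them to a pre/post-authorization script one per line; `attr=value` is mandatory, `attr*value` optional, so the bare `cmd*` is the exec-start request) and a `host_allow` / `command_permit` check that reproduces the two outcomes in the log lines. The policy table, the function names, the `enable_without_source` knob and the sample requests are constructed for this example; the knob waives the source check only for `cmd=enable` arriving with source 0.0.0.0, as an alternative to allowing 0.0.0.0 for every request.

```python
"""Parse TACACS+ authorization av-pairs and apply a per-group policy.

Constructed example; not tac_plus code and not the thread's do_auth script.
"""
import ipaddress
import re
from typing import List, Tuple

AvPair = Tuple[str, str, bool]  # (attribute, value, mandatory?)


def parse_av_pairs(lines: List[str]) -> List[AvPair]:
    """'attr=value' is mandatory, 'attr*value' optional; the separator is
    whichever of '=' or '*' appears first, so 'cmd*' parses as cmd=''."""
    pairs: List[AvPair] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        seps = [i for i in (line.find("="), line.find("*")) if i >= 0]
        if not seps:
            raise ValueError(f"not an av-pair: {line!r}")
        sep = min(seps)
        pairs.append((line[:sep], line[sep + 1:], line[sep] == "="))
    return pairs


def value(pairs: List[AvPair], attr: str, default: str = "") -> str:
    for a, v, _ in pairs:
        if a == attr:
            return v
    return default


def full_command(pairs: List[AvPair]) -> str:
    """Join cmd with its cmd-arg pairs. IOS ends the argument list with
    cmd-arg=<cr>; the PIX in the thread sends no cmd-arg at all, so the
    <cr> marker is dropped whenever it is present."""
    args = [v for a, v, _ in pairs if a == "cmd-arg" and v != "<cr>"]
    return " ".join([value(pairs, "cmd")] + args).strip()


POLICY = {  # constructed policy table (assumption)
    "BN": {
        "host_allow": [ipaddress.ip_network("172.16.25.0/24")],
        "command_permit": [r"enable", r"show .*"],
        # assumption: waive host_allow only for 'enable' from 0.0.0.0,
        # rather than listing 0.0.0.0 in host_allow for every request
        "enable_without_source": True,
    }
}


def authorize(user: str, group: str, source: str, device: str,
              pairs: List[AvPair], policy=POLICY) -> Tuple[bool, str]:
    """Return (allowed, log_line); log text mirrors the thread's format."""
    g = policy[group]
    if value(pairs, "service") != "shell":
        return False, f"User '{user}' denied non-shell service in '{group}'"
    cmd = full_command(pairs)
    waive = (cmd == "enable" and source == "0.0.0.0"
             and g.get("enable_without_source", False))
    try:
        src_ok = any(ipaddress.ip_address(source) in n for n in g["host_allow"])
    except ValueError:        # unparsable source address: treat as not allowed
        src_ok = False
    if not waive and not src_ok:
        return False, (f"User '{user}' not allowed from source '{source}' "
                       f"in '{group}'->'host_allow'")
    if cmd == "":             # exec start (the 'cmd*' request)
        return True, (f"User '{user}' granted access to device '{device}' "
                      f"in group '{group}' from '{source}'")
    if any(re.fullmatch(p, cmd) for p in g["command_permit"]):
        return True, (f"User '{user}' allowed command '{cmd}' to device "
                      f"'{device}' in '{group}'->'command_permit'")
    return False, (f"User '{user}' denied command '{cmd}' to device "
                   f"'{device}' in '{group}'->'command_permit'")


# Constructed requests, copied from the shapes quoted in the thread.
EXEC_REQUEST = ["service=shell", "cmd*", "priv-lvl=15", "idletime=10"]
ENABLE_REQUEST = ["service=shell", "cmd=enable"]
IOS_SHOW_REQUEST = ["service=shell", "cmd=show", "cmd-arg=running-config",
                    "cmd-arg=<cr>"]

if __name__ == "__main__":
    for src, req in [("0.0.0.0", ENABLE_REQUEST), ("0.0.0.0", EXEC_REQUEST),
                     ("172.16.25.17", EXEC_REQUEST),
                     ("172.16.25.17", IOS_SHOW_REQUEST)]:
        ok, line = authorize("homer", "BN", src, "192.168.168.168",
                             parse_av_pairs(req))
        print(ok, line)
```

Run as a script it prints the decision for each constructed request; the exec-start request from 0.0.0.0 is still refused by `host_allow`, while the PIX-style `enable` from 0.0.0.0 is passed through to `command_permit`.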

