[tac_plus] Re: tac_plus with pam->ldap authentication ldap server failure scenario

john heasley heas at shrubbery.net
Sat Jun 27 20:41:39 UTC 2009


Fri, Jun 26, 2009 at 11:41:37AM -0400, schilling:
> Hi All,
> 
> We get tac_plus working with pam for auth, which then consults ldap for
> authentication.  Everything is working as expected. We put user name
> in tacacs.conf with login pam.
> 
> Now we are trying to test the ldap failure scenario. If ldap is not
> available, the switch will still be able to communicate with tac_plus,
> then local username/passwd defined on the switch will not work since
> tac_plus is still available. Any configuration in tacacs to change
> this behavior?

I wouldn't expect it to succeed if ldap is unavailable.  I'd expect that
either the ldap or pam aren't returning an error properly, or tacacs is
not properly interpreting the error, or your device's configuration is
incorrect.

