[tac_plus] Tac_plus authentication and Active Directory group
Charly COYETTE
ccoyette at Devanlay.fr
Fri May 28 15:06:41 UTC 2010
Hello,
I'm currently installing a TACACS+ Server with Tac_plus that
authenticate users with an active directory.
I need to give different rights to users regarding the different groups
in the active directory.
I don't know how to indicate this in the configuration file.
Another question: Is there a way to do "default authentication = PAM"? I
always have an error: "Error: expecting 'file' but found 'pam' on line
16"
Here is the configuration file I currently use:
key = ...
accounting file = /var/log/tacacs/accounting
group = admin {
default service = permit
login = PAM
enable = des "..."
}
group = user {
default service = deny
login = PAM
enable = des "..."
cmd = enable {
permit ".*"
}
cmd = show {
permit "ip .*"
deny ".*"
}
cmd = disable {
permit ".*"
}
cmd = exit {
permit ".*"
}
}
user administrator {
member = admin
}
user toto {
member = user
}
Regards,
Charly COYETTE | Network and System department
Mail : ccoyette at devanlay.fr
DEVANLAY SA : 19bis, rue des Gayettes - BP 503 - 10083 TROYES - FRANCE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20100528/c349a8f2/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1175 bytes
Desc: image001.gif
Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20100528/c349a8f2/attachment.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 2657 bytes
Desc: image002.gif
Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20100528/c349a8f2/attachment-0001.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 2645 bytes
Desc: image003.gif
Url : http://www.shrubbery.net/pipermail/tac_plus/attachments/20100528/c349a8f2/attachment-0002.gif
More information about the tac_plus
mailing list