[tac_plus] question
Daniel Schmidt
daniel.schmidt at wyo.gov
Thu Aug 18 22:29:35 UTC 2011
Use authorization and configure all the commands on the tac_plus server,
not on the router with privilege levels.
-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Mike Keselman
Sent: Thursday, August 18, 2011 10:23 AM
To: tac_plus at shrubbery.net
Subject: [tac_plus] question
Hi,
I am running tacacs+ version tacacs+-F4.0.4.19-1 in my envelopment. I am
having issues configuring Cisco commands with in the daemon. Currently my
cisco gear has privilege 5 permission configured for a subset of commands.
I
have to move those commands to a central place as opposed to having them
on
each device. Any help would be appreciated.
Sample of what is configured is below
group = test {
# description: test group
default service = deny
service = exec {
priv-lvl = 5
}
}
user = tactest {
login = cleartext tac
member = test
cmd = configure { permit terminal }
cmd = show {
permit .* }
}
Thanks,
--
*Mike Keselman*
**M5 Networks, Inc.
Phone: (646)747-1632
www.m5net.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.shrubbery.net/pipermail/tac_plus/attachments/20110818/244f1ef3
/attachment.html>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list