[tac_plus] Info - Tacacs +
emvergb at gmail.com
emvergb at gmail.com
Fri Jan 28 13:17:54 UTC 2011
Hi Charanjit,
You don't need a nested group to achieve all your requirements. Learn how
authorization scripts work. It's how I resolved all my requirements of
having different privileges (rw, ro, no access) to every NAS plus command
authorization from a single username.
Regards,
Emver
-----Original Message-----
From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net]
On Behalf Of charanjit singh
Sent: Tuesday, January 25, 2011 7:48 AM
To: tac_plus at shrubbery.net
Subject: [tac_plus] Info - Tacacs +
Hi Team,
I am working as a Network Admin for a company. We are currently setting up a
new Tacacs+ solution for AAA on our devices.
I have a query --
We are running the Tacacs+ daemon on a Unix machine. The authentication
is working fine on Cisco devices. Now i have added another group for WAN
Accelerators , its just a Monitoring group
Is it possible that a user can be a member of Cisco Admin group and WAN
Accelerator Monitoring group
As per my checks a user can belong to just one group in Tacacs+.
Can i work towards a solution for my requirement by doing Nested Groups.
Is it possible that i create a Composite Group and then add both the Admin
and WAN Accelerator groups in it as Member Groups. Do you have a sample
configuration >
I tried it but i was unable to compile / save the Configuration file
Any help would be appreciated.
Regards,
Charanjit Jassar
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.shrubbery.net/pipermail/tac_plus/attachments/20110124/1fa39062/a
ttachment.html>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
More information about the tac_plus
mailing list