[tac_plus] Nexus

Daniel Schmidt daniel.schmidt at wyo.gov
Wed Nov 2 18:55:21 UTC 2011


I have updated the do_auth.py authentication script to handle Nexus, thus
it can provide the same multiple group authentication it provides on other
Cisco devices (or at least provide an example). I have not been able to
pass a role tac_pair successfully – please post if you have any progress
with this.

I had success with the Nexus with the following config: (Note that many of
the commands you traditionally look for are available)

!Command: show running-config aaa
!Time: Wed Oct 26 18:28:46 2011

version 5.0(3)N1(1c)
aaa authentication login default group private
aaa authorization config-commands default group private
aaa authorization commands default group private
aaa accounting default group private

As was discussed previously, the Nexus seems to authenticate pap. No clue
why Cisco did this; putting pap user names in the tac_plus.conf fixes login
issues. Also, the resulting accounting file is different, so if you have
written cgi scripts to parse your accounting log, be prepared to rewrite
them.

E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act, and may be disclosed to third parties.
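
An added example, not part of the original post or of do_auth.py: a small Python check that lists users in a tac_plus.conf who have a login password but no pap entry, the condition the post ties to failed Nexus logins. The sample config is constructed, and the parser assumes each user block opens with `{` on its `user =` line and that pap is set per user rather than inherited.

```python
import re

# Constructed sample tac_plus.conf; the key and hashes are placeholders.
SAMPLE_CONF = """
key = "PLACEHOLDER-KEY"
group = netadmin {
    default service = permit
}
user = alice {
    login = des PLACEHOLDERHASH1
    pap = des PLACEHOLDERHASH1
    member = netadmin
}
user = bob {
    login = des PLACEHOLDERHASH2
    member = netadmin
    service = exec {
        priv-lvl = 15
    }
}
"""

USER_RE = re.compile(r"^\s*user\s*=\s*(\S+)\s*\{")
PASSWORD_RE = re.compile(r"^\s*(login|pap)\s*=")


def users_missing_pap(conf_text):
    """Return users whose block sets 'login =' but no 'pap ='."""
    missing, user, depth, keys = [], None, 0, set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]              # drop trailing comments
        if user is None:
            m = USER_RE.match(line)
            if not m:
                continue                         # outside any user block
            user, depth, keys = m.group(1), 0, set()
        elif depth == 1:                         # top level of the user block only
            k = PASSWORD_RE.match(line)
            if k:
                keys.add(k.group(1))
        depth += line.count("{") - line.count("}")
        if depth <= 0:                           # user block closed
            if "login" in keys and "pap" not in keys:
                missing.append(user)
            user = None
    return missing


if __name__ == "__main__":
    print(users_missing_pap(SAMPLE_CONF))
```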
