[tac_plus] New service
Daniel Schmidt
daniel.schmidt at wyo.gov
Mon Oct 17 14:31:42 UTC 2011
Sounds similar to the wlc, try role as a tac_pair.
http://tacacs.org/2008/11/04/cisco-wireless-control-system/
-----Original Message-----
From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Anne Wei
Sent: Friday, October 14, 2011 1:00 PM
To: tac_plus at shrubbery.net
Subject: [tac_plus] New service
Greeting,
I need help for a new request in our environment.
We want to use tac_plus as authentication for a GUI client application -
silverpeak. We currently have group SSONET defined in tac_plus.cfg as
follows:
group = SSONET {
    default service = permit
    service = shell { priv_lvl=15 }
    service = exec {
        priv-lvl=15
        optional shell:Admin = "Admin default-domain"
    }
    service = junos-exec { local-user-name = remote-ro }
    after authorization "/bin/sh /app/tacacs/etc/do_auth.sh $name /app/tacacs/etc/allow.sso /app/tacacs/etc/allow.sso_storage"
}
The GUI client requires silverpeak is defined on TACACS+ server, and use any
of the following as customer attribute for the service: role=admin,
role=manager, role=monitor. I checked only, and don't see the role concept in
tac_plus.cfg. And since there is default service = permit at top, can I
assume if no service silverpeak defined, the default authorization is permit?
Please give me some advice and guide,
Thank you,
Anne