[tac_plus] AD version of the pam guide

Daniel Schmidt daniel.schmidt at wyo.gov
Thu Apr 26 16:27:58 UTC 2012


Thanks for the suggestion!  If you'd be willing to write/modify a how-to,
I'm sure people (me) would benefit from it.  My only goal is to prevent
being forced to move to Cisco ACS - Kerberos eliminated this week's risk.
I'd like ldap - would be better - far too busy to figure it out.  Got to
fix Juniper support in do_auth - too many other mundane network tasks 2
do.

-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Brandon Ewing
Sent: Thursday, April 26, 2012 5:58 AM
To: tac_plus at shrubbery.net
Subject: Re: [tac_plus] AD version of the pam guide

On Wed, Apr 25, 2012 at 11:59:08AM -0600, Daniel Schmidt wrote:
> So... you're saying.... homer would need to exist locally on the box
> first?  :-\
>
> Of course, that works much better.  My sincerest apologies for wasting
> everybody's time on this, thanks Adam and 'Heas.  When I get a chance,
> I'll add this to tacacs.org lest anybody waste your time with this
again.
> (New version of do_auth also coming - support for juniper pairs)
>

My installation uses nss_ldap to connect to our AD LDAP to centralize
account information.  This may be a path for you, either through setting
up a service account to handle LDAP binds for nss_ldap, or using machine
accounts via joining the machine to the domain with Samba.

-- 
Brandon Ewing
(nicotine at warningg.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<http://www.shrubbery.net/pipermail/tac_plus/attachments/20120426/68fc5924
/attachment.bin>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.



More information about the tac_plus mailing list