[tac_plus] Advice for HP Procurve 2626 switches
David Midlo
David.Midlo at stfrancis.k12.mn.us
Thu Jun 7 14:41:13 UTC 2012
"I have several procurve models (2510,2610, 5120,4100) working well with tac_plus, in some models I have needed to upgrade the firmware to use privilege attributes."
This is what the problem turned out to be. After a night of firmware updates, these procurves now play nice enough with tac_plus. It should be said, though, that it only works if priv-lvl 15 is defined for users in tac_plus.conf on the server side and, on the switch side, the command 'aaa authentication login privilege-mode' is issued. These switches still don't seem to pass the username when logging in to user-mode and then to enable.
For my environment this works as there are no level 1 network technicians who would utilize operator mode. I could see for some however, that it could represent a problem.
Thanks for your help!
David Midlo
Discovery | Integrity | Will | Organic | Stewardship
Interim Network Administrator
Independent School District 15 - St Francis, Minnesota
Office of School Technology
Office 763 753 7154 Mobile 763 286 6335
District Information<http://www.stfrancis.k12.mn.us/> | Calendar<http://www.google.com/calendar/embed?src=david.midlo@stfrancis.k12.mn.us&ctz=America/Chicago> | Helpdesk Request <http://saints/OST/Lists/Helpdesk%20Request/NewForm.aspx>
From: Antonio Ojea Garcia <antonio.ojea.garcia at gmail.com>
To: "David J. Midlo" <david.midlo at stfrancis.k12.mn.us>
Cc: "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
Subject: Re: [tac_plus] Advice for HP Procurve 2626 switches
Hello,
Could you try putting this in your tac_plus.conf?

    user = $enable$ {
        login = cleartext "password"
    }

I have several procurve models (2510,2610, 5120,4100) working well with tac_plus, in some models I have needed to upgrade the firmware to use privilege attributes.
Also you don't have the tacacs key in your procurve configuration, don't forget it ;)
2012/6/6 David Midlo <David.Midlo at stfrancis.k12.mn.us>
Hello,
It seems HP Procurves don't report back the username when moving to enable mode. The reply after entering the password is 'invalid password'. You can find my config here: http://pastebin.com/MAyFLxxF. The switch is configured with the key (removed from paste).
I'm having trouble finding any documentation as to how to approach this issue; any example configs or modifications/directives would be greatly appreciated.
With regards,
David Midlo
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
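A small check for the server-side conditions described in this thread, added here as an example (not code from the thread's participants or from the tac_plus project): it parses a tac_plus.conf and reports which users lack priv-lvl = 15 in their exec service and whether a $enable$ user is defined. The sample config, user names and placeholder secrets are constructed, and the parser assumes priv-lvl is set directly in the user block rather than inherited from a group.

```python
import re

# Constructed sample tac_plus.conf (hypothetical users, placeholder secrets).
SAMPLE_CONF = '''
key = "PLACEHOLDER-SHARED-KEY"

user = netadmin {
    login = cleartext "PLACEHOLDER"
    service = exec {
        priv-lvl = 15
    }
}

user = helpdesk {
    login = cleartext "PLACEHOLDER"
}

user = $enable$ {
    login = cleartext "PLACEHOLDER"
}
'''

def user_blocks(conf):
    """Yield (name, body) for each top-level 'user = NAME { ... }' block."""
    for m in re.finditer(r'^\s*user\s*=\s*(\S+)\s*\{', conf, re.M):
        depth, i = 1, m.end()
        while i < len(conf) and depth:      # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return (users lacking exec priv-lvl 15, whether $enable$ is defined)."""
    missing, has_enable = [], False
    for name, body in user_blocks(conf):
        if name == '$enable$':              # pseudo-user for the enable password
            has_enable = True
            continue
        svc = re.search(r'service\s*=\s*exec\s*\{([^}]*)\}', body)
        if not (svc and re.search(r'priv-lvl\s*=\s*15\b', svc.group(1))):
            missing.append(name)
    return missing, has_enable

if __name__ == '__main__':
    missing, has_enable = audit(SAMPLE_CONF)
    print('users without priv-lvl 15:', missing)
    print('$enable$ user defined:', has_enable)
```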