[tac_plus] multiple groups per user
Daniel Schmidt
daniel.schmidt at wyo.gov
Thu Mar 14 20:29:35 UTC 2013
Checkout do_auth.py. Several people have reported it to be very useful.
I've been meaning to do some more work on it and Jathan had some excellent
ideas.
tacacs.org
-----Original Message-----
From: tac_plus-bounces at shrubbery.net
[mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Tom Murch
Sent: Thursday, March 14, 2013 12:43 PM
To: tac_plus at shrubbery.net
Subject: [tac_plus] multiple groups per user
Hello I am trying to get this working. Reading the mailing list I was
under the impression this was fixed. I am trying to have the same users
admin both juniper and hp gear.
#
# tacacs configuration file
# xxxxx -
# /etc/tac_plus.conf
# set the key
key = xxxxx
accounting file = /var/log/tac_plus.acct
#group accounts
group = admins {
## cli service for junipers
service = junos-exec
{
local-user-name = admins
allow-commands = "all"
allow-configuration = "all"
deny-commands = ""
deny-configuration = ""
}
}
group = admins2 {
default service = permit
service = exec {
priv-lvl = 15
}
}
# users accounts
user = tom {
member = admins
login = des "xxxxx"
enable = cleartext "xxxxx"
name = "Thomas Murch"
}
user = tomhp {
member = admins2
login = des "xxxxxx"
enable = cleartext "xxxx"
name = "Thomas Murch"
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.shrubbery.net/pipermail/tac_plus/attachments/20130314/2e757a13
/attachment.html>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.
More information about the tac_plus
mailing list