[tac_plus] multiple groups per user

Tom Murch tmurch at tommurch.com
Mon May 13 17:45:57 UTC 2013 

Hi Daniel,

This worked very well thank you. Is it possible to have multiple service
entries? I am not sure how to get around that as I use both juniper and
cisco gear I have an issue with auth using both.

Tom


On Thu, Mar 14, 2013 at 4:29 PM, Daniel Schmidt <daniel.schmidt at wyo.gov>wrote:

> Checkout do_auth.py.  Several people have reported it to be very useful.
> I've been meaning to do some more work on it and Jathan had some excellent
> ideas.
>
> tacacs.org
>
> -----Original Message-----
> From: tac_plus-bounces at shrubbery.net
> [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Tom Murch
> Sent: Thursday, March 14, 2013 12:43 PM
> To: tac_plus at shrubbery.net
> Subject: [tac_plus] multiple groups per user
>
> Hello I am trying to get this working. Reading the mailing list I was
> under the impression this was fixed. I am trying to have the same users
> admin both juniper and hp gear.
>
> #
> # tacacs configuration file
> # xxxxx -
> # /etc/tac_plus.conf
>
> # set the key
> key = xxxxx
>
> accounting file = /var/log/tac_plus.acct
>
> #group accounts
>
> group = admins {
> ## cli service for junipers
>         service = junos-exec
> {
>         local-user-name = admins
>         allow-commands = "all"
>         allow-configuration = "all"
>         deny-commands = ""
>         deny-configuration = ""
> }
> }
>
> group = admins2 {
>         default service = permit
>         service = exec {
>         priv-lvl = 15
> }
> }
>
> # users accounts
> user = tom {
>
>         member = admins
>         login = des "xxxxx"
>         enable = cleartext "xxxxx"
>         name = "Thomas Murch"
> }
>
> user = tomhp {
>         member = admins2
>         login = des "xxxxxx"
>         enable = cleartext "xxxx"
>         name = "Thomas Murch"
> }
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <http://www.shrubbery.net/pipermail/tac_plus/attachments/20130314/2e757a13
> /attachment.html>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
>
> E-Mail to and from me, in connection with the transaction
> of public business, is subject to the Wyoming Public Records
> Act and may be disclosed to third parties.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20130513/1acf201a/attachment.html>

More information about the tac_plus mailing list