[tac_plus] Problem with creating Multiple groups for a single user. (creating composite groups)

Daniel Schmidt daniel.schmidt at wyo.gov
Sun Apr 6 18:53:15 UTC 2014


It probably works best when the library is also called to WRITE the ini,
which I don't do.  (Library doesn't have much idiot checking in it)  For
most, I think tacacs is something you set up and mainly leave alone which is
why I haven't done more.

Perhaps I should get with Jathan and work on detecting errors in the
parsing, as this seems to be the biggest mistake people make, especially as
some people don't care about multiple groups at all, they only want their
tac_plus to work correctly with Nexus.  Maybe including a default ini file
with the download could help.

On a side note, while thanking Alan for his assistance while I was out, I
have to also smile at a bit of irony in that the one person who was wary
and wouldn't touch do_auth is now helping people with it.  :-P  Thanks Alan!


On Thu, Apr 3, 2014 at 11:48 AM, Alan McKinnon <alan.mckinnon at gmail.com> wrote:

> Python indentation rules, yes I know that problem well :-)
>
> Good to hear you got it fixed.
>
>
>
> On 03/04/2014 19:14, Mohan Reddy wrote:
> > Alan,
> > It worked. Sorry, it was indentation in the do_auth.ini script, which has
> > been resolved now. Now my problem with multiple groups has been resolved.
> >
> > Thanks,
> > Mohan
> >
> > -----Original Message-----
> > From: tac_plus-bounces at shrubbery.net
> > [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Alan McKinnon
> > Sent: Wednesday, April 02, 2014 11:10 PM
> > To: tac_plus at shrubbery.net
> > Subject: Re: [tac_plus] Problem with creating Multiple groups for a single
> > user. (creating composite groups)
> >
> > On 02/04/2014 20:23, Mohan Reddy wrote:
> >> Alan,
> >> As mentioned by you, I used Dan's Python script, but I did receive a
> >> parsing error. Below are the error details and config details:
> >>
> >> 2014-04-02 10:44:04,978 [CRITICAL]: Can't open/parse config file:
> >> '/usr/bin/do_auth.ini'
> >
> >
> > Does /usr/bin/do_auth.ini really exist?
> > What are the ownerships and permissions of that file?
> > As which user does tac_plus run?
> >
> >
> >
> >
> >> 2014-04-02 10:54:53,545 [CRITICAL]: Can't open/parse config file:
> >> '/usr/bin/do_auth.ini'
> >> 2014-04-02 10:59:28,184 [CRITICAL]: Can't open/parse config file:
> >> '/usr/bin/do_auth.ini'
> >>
> >>
> >> --------------------------------------------------------------
> >> Configuration in Tacacs_conf file
> >> --------------------------------------------------------------
> >> user = test1 {
> >>         member = doauthaccess
> >> }
> >>
> >> group = doauthaccess {
> >>     default service = permit
> >>
> >>     service = exec {
> >>         priv-lvl = 15
> >>     }
> >>
> >>     after authorization "/usr/bin/python /usr/bin/do_auth.py -i $address -u $user -d $name -l /usr/bin/log.txt -f /usr/bin/do_auth.ini"
> >> }
> >>
> >> --------------------------------------------------------------
> >> Configuration in do_auth.ini file
> >> --------------------------------------------------------------
> >>
> >> [users]
> >> default =
> >> noprivs
> >> jathan =
> >> vdxgroup
> >> dans =
> >> vdxgroup
> >> test1 =
> >> readonly1
> >>
> >> [readonly1]
> >> host_allow =
> >> .*
> >> device_permit =
> >> .*
> >> command_permit =
> >> .*
> >>
> >> --------------------------------------------------------------
> >>
> >> May I know what might be the issue?
> >>
> >> Thanks,
> >> Mohan
> >> _______________________________________________
> >> tac_plus mailing list
> >> tac_plus at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo/tac_plus
> >>
> >>
> >
> >
> > --
> > Alan McKinnon
> > alan.mckinnon at gmail.com
> >
>
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com
>


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
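
A pre-flight check for the indentation mistake discussed in this thread, as an added example (not code from do_auth.py or from anyone on the list). It uses Python 3's standard configparser, which is assumed to behave like the parser do_auth.py uses, and assumes one group name per line under each user; both sample files and the group name `netops` are constructed.

```python
import configparser

# Constructed sample: the unindented layout posted in the thread (fails to parse).
BROKEN = "[users]\ntest1 =\nreadonly1\n\n[readonly1]\nhost_allow =\n.*\n"

# Constructed sample: values indented as continuation lines; 'netops' is a
# hypothetical second group that has no section of its own.
FIXED = (
    "[users]\n"
    "test1 =\n"
    "    readonly1\n"
    "    netops\n"
    "\n"
    "[readonly1]\n"
    "host_allow =\n"
    "    .*\n"
)


def check_do_auth_ini(text):
    """Return a list of problem strings; an empty list means no problem was found."""
    parser = configparser.RawConfigParser()  # raw: regex values are never interpolated
    try:
        parser.read_string(text)
    except configparser.MissingSectionHeaderError as exc:
        return ["line %d: content before any [section] header" % exc.lineno]
    except configparser.ParsingError as exc:
        # One entry per bad line; an unindented value line is the usual cause.
        return ["line %d: not 'key = value' and not an indented continuation line"
                % lineno for lineno, _ in exc.errors]
    except configparser.Error as exc:  # duplicate section or option
        return [str(exc)]

    if not parser.has_section("users"):
        return ["no [users] section"]
    problems = []
    for user, value in parser.items("users"):
        groups = value.split()  # assumption: one group name per line
        if not groups:
            problems.append("user '%s' has no group" % user)
        for group in groups:
            if not parser.has_section(group):
                problems.append("user '%s' references undefined group [%s]" % (user, group))
    return problems


if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_do_auth_ini(sample) or "ok")
```

Running it against the real file as the account tac_plus runs under also answers the existence and permission questions raised earlier in the thread, since an unreadable file fails before parsing starts.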