[tac_plus] Problem with creating Multiple groups for a single user. (creating composite groups)
Mohan Reddy
mreddy at aristanetworks.com
Sun Apr 6 21:54:00 UTC 2014
Daniel,
The parsing error got resolved. I was receiving the parsing error due to
the indentation in do_auth.ini file.
Now the script is working fine.
Thanks,
Mohan
On Sun, Apr 6, 2014 at 11:53 AM, Daniel Schmidt <daniel.schmidt at wyo.gov>wrote:
> It probably works best when the library is also called to WRITE the ini,
> which I don't do. (Library doesn't have much idiot checking in it) For
> most, I think tacacs is something you setup and mainly leave alone which is
> why I haven't done more.
>
> Perhaps I should get with Jathan and work on detecting errors in the
> parsing, as this seems to be the biggest mistake people make, especially as
> some people don't care about multiple groups at all, they only want their
> tac_plus to work correctly with Nexus. Maybe including a default ini file
> with the download could help.
>
> On a side note, while thanking Alan for his assisting while I was out, I
> have to also smile at a bit of irony in that the one person who was wary
> and wouldn't touch do_auth is now helping people with it. :-P Thanks
> Alan!
>
>
> On Thu, Apr 3, 2014 at 11:48 AM, Alan McKinnon <alan.mckinnon at gmail.com
> >wrote:
>
> > Python indentation rules, yes I know that problem well :-)
> >
> > Good to hear you got it fixed.
> >
> >
> >
> > On 03/04/2014 19:14, Mohan Reddy wrote:
> > > Alan,
> > > It worked, Sorry it was indentation in do_auth.ini script which has
> been
> > > resolved now. Now my problem with multiple groups has been resolved.
> > >
> > > Thanks,
> > > Mohan
> > >
> > > -----Original Message-----
> > > From: tac_plus-bounces at shrubbery.net
> > > [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Alan McKinnon
> > > Sent: Wednesday, April 02, 2014 11:10 PM
> > > To: tac_plus at shrubbery.net
> > > Subject: Re: [tac_plus] Problem with creating Multiple groups for a
> > single
> > > user. (creating composite groups)
> > >
> > > On 02/04/2014 20:23, Mohan Reddy wrote:
> > >> Alan,
> > >> As mentioned by you I used Dan's python script but I did receive a
> > >> parsing error . Below is the error details and config details,
> > >>
> > >> 2014-04-02 10:44:04,978 [CRITICAL]: Can't open/parse config file:
> > >> '/usr/bin/do_auth.ini'
> > >
> > >
> > > Does /usr/bin/do_auth.ini really exist?
> > > What are the ownerships and permissions of that file?
> > > As which user does tac_plus run?
> > >
> > >
> > >
> > >
> > >> 2014-04-02 10:54:53,545 [CRITICAL]: Can't open/parse config file:
> > >> '/usr/bin/do_auth.ini'
> > >> 2014-04-02 10:59:28,184 [CRITICAL]: Can't open/parse config file:
> > >> '/usr/bin/do_auth.ini'
> > >>
> > >>
> > >> ----------------------------------------------------------------------
> > >> ----
> > >> -------------------------
> > >> Configuration in Tacacs_conf file
> > >> ----------------------------------------------------------------------
> > >> ----
> > >> -----------------------------
> > >> user = test1 {
> > >> member = doauthaccess
> > >> }
> > >>
> > >> group = doauthaccess {
> > >> default service = permit
> > >>
> > >> service = exec {
> > >> priv-lvl = 15
> > >> }
> > >>
> > >> after authorization "/usr/bin/python /usr/bin/do_auth.py -i
> > >> $address -u $user -d $name -l /usr/bin/log.txt -f
> /usr/bin/do_auth.ini"
> > >> }
> > >>
> > >> ----------------------------------------------------------------------
> > >> ----
> > >> -------------------------
> > >> Configuration in do_auth.ini file
> > >> ----------------------------------------------------------------------
> > >> ----
> > >> -----------------------------
> > >>
> > >> [users]
> > >> default =
> > >> noprivs
> > >> jathan =
> > >> vdxgroup
> > >> dans =
> > >> vdxgroup
> > >> test1 =
> > >> readonly1
> > >>
> > >> [readonly1]
> > >> host_allow =
> > >> .*
> > >> device_permit =
> > >> .*
> > >> command_permit =
> > >> .*
> > >>
> > >> --------------------------------------------------------------
> > >>
> > >> May I know what might be the issue.
> > >>
> > >> Thanks,
> > >> Mohan
> > >> _______________________________________________
> > >> tac_plus mailing list
> > >> tac_plus at shrubbery.net
> > >> http://www.shrubbery.net/mailman/listinfo/tac_plus
> > >>
> > >>
> > >
> > >
> > > --
> > > Alan McKinnon
> > > alan.mckinnon at gmail.com
> > >
> > > _______________________________________________
> > > tac_plus mailing list
> > > tac_plus at shrubbery.net
> > > http://www.shrubbery.net/mailman/listinfo/tac_plus
> > >
> >
> >
> > --
> > Alan McKinnon
> > alan.mckinnon at gmail.com
> >
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus
> >
>
>
> E-Mail to and from me, in connection with the transaction
> of public business, is subject to the Wyoming Public Records
> Act and may be disclosed to third parties.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.shrubbery.net/pipermail/tac_plus/attachments/20140406/448c1085/attachment.html
> >
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20140406/33506e07/attachment.html>
More information about the tac_plus
mailing list