[tac_plus] TACPLUS AD Authentication

Daniel Schmidt daniel.schmidt at wyo.gov
Wed Apr 16 14:54:39 UTC 2014


I guess that would work if you wanted EVERY ad user to have access.  Full
access, at that.

If you priv_15 everybody, they shouldn't need an enable password.  Doesn't
seem 2 work 4 the ASA though.  Give everybody one generic enable password
maybe.


On Wed, Apr 16, 2014 at 8:47 AM, Linda Slater <lslater at yorku.ca> wrote:

> Couple questions:
>
> I am using PAM_LDAP  to authenticate our users via AD.    The additional
> requirements are now:
>
>
>
> 1. No usernames in the Tac+ config file, I will define only groups and use
> AD groupings to decide if that user can be allowed to access a network
> device.   Does anyone have any examples using this method?  Currently,  I
> have the user name ......  login = PAM, listed in the tac...config file.
>
> 2. Each user that logins into the Network device, must use their AD
> password to gain enable access to the network device.   Is anyone using
> this method to allow users enable access, given that the Tac+ enable
> password cannot be pointed to PAM?   Each user will have using their own
> AD login credentials.
>
>
> Regards,
> Linda Slater | Senior Network Designer, Network Development | University
> Information Technology
> 010 Steacie Science and Engineering Library | York University | 4700 Keele
> St. , Toronto ON Canada M3J 1P3
> T: +1.416.736.2100 ext 22733 | F: +1.416.736.5830 | lslater at yorku.ca |
> www.yorku.ca
>
> York UIT will NEVER send unsolicited requests for passwords or other
> personal information via email. Messages requesting such information are
> fraudulent and should be deleted.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.shrubbery.net/pipermail/tac_plus/attachments/20140416/89ba12d8/attachment.html
> >
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
>


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20140416/b7282d4f/attachment.html>


More information about the tac_plus mailing list