[tac_plus] TACPLUS AD Authentication

Linda Slater lslater at yorku.ca
Wed Apr 16 17:08:40 UTC 2014


The idea is the user will still need to enable up but instead of using a 
generic password, they will use their AD password.  I am not sure if I 
need to script that information in LDAP.conf /AD or somehow utilise the 
PAM module.   Still learning the capabilities of LDAP and PAM. 

Linda


From:   Daniel Schmidt <daniel.schmidt at wyo.gov>
To:     Linda Slater <lslater at yorku.ca>, 
Cc:     "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
Date:   2014/04/16 10:54 AM
Subject:        Re: [tac_plus] TACPLUS AD Authentication



I guess that would work if you wanted EVERY AD user to have access.  Full 
access, at that. 

If you priv_15 everybody, they shouldn't need an enable password.  Doesn't 
seem 2 work 4 the ASA though.  Give everybody one generic enable password 
maybe.  


On Wed, Apr 16, 2014 at 8:47 AM, Linda Slater <lslater at yorku.ca> wrote:
Couple questions:

I am using PAM_LDAP  to authenticate our users via AD.    The additional
requirements are now:



1. No usernames in the Tac+ config file, I will define only groups and use
AD groupings to decide if that user can be allowed to access a network
device.   Does anyone have any examples using this method?  Currently,  I
have the user name ......  login = PAM, listed in the tac...config file.

2. Each user that logs into the Network device must use their AD
password to gain enable access to the network device.   Is anyone using
this method to allow users enable access, given that the Tac+ enable
password cannot be pointed to PAM?   Each user will be using their own
AD login credentials.




