[tac_plus] Certain Permissions on some IP's and wide open Permissions on other IP's for same user-group-acl

Daniel Schmidt daniel.schmidt at wyo.gov
Tue Dec 2 02:58:43 UTC 2014


You may see here for more info:

http://blogs.sackheads.org/tacacsplus/page/2/

And thanks for the nice recommendation, Alan

On Mon, Dec 1, 2014 at 1:32 PM, Alan McKinnon <alan.mckinnon at gmail.com>
wrote:

> On 01/12/2014 21:42, dwnek at dollartree.com wrote:
> >
> > I would like to have two separate ACLs for one group. One ACL will allow a
> > network security group to run any command they want on switches they are
> > responsible for managing and the other ACL will only allow them to run some
> > show commands on any other network switch.  Is this possible?  Can I
> > configure one group in the tac_plus.cfg with two nested ACLs?  Please
> > provide a short config example.
> >
> >
> > Thank You, Derek
>
> It is possible using tac_plus.conf, but to do it you have to jump
> through many painful hoops that you will not understand tomorrow. Many
> of us have gone down this road already and felt the pain.
>
>
> You want Dan Schmidt's do_auth.py script, bundled with recent versions
> of tac_plus. It comes with very clear, complete docs; read them just once
> and it will be obvious how to solve the problem you face.
>
>
>
>
> --
> Alan McKinnon
> alan.mckinnon at gmail.com
>


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
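
A sketch of how the split asked about in the quoted question could look in a do_auth ini file, added here as an illustration; it is not from the thread or from the do_auth distribution. The user, group names and addresses are constructed, and the key names and the first-matching-group behaviour are assumptions about do_auth's ini format that should be checked against the docs bundled with the script.

```ini
; Constructed example: user, group names and addresses are placeholders.
; Assumption: a user may list several groups, and the first group whose
; host and device patterns match decides which commands are permitted.
[users]
; Order matters: the restrictive catch-all group is listed last.
secuser =
    netsec_full
    netsec_readonly

; Switches the security team manages: any command.
; Assumption: patterns are matched as regular expressions, so the dots are
; escaped. An unescaped 10.10.1.* would also match 10.10.10.5 and silently
; widen the full-access scope.
[netsec_full]
host_allow =
    .*
device_permit =
    10\.10\.1\..*
command_permit =
    .*

; Every other device: selected show commands only.
[netsec_readonly]
host_allow =
    .*
device_permit =
    .*
command_permit =
    show version.*
    show interface.*
    show running-config.*
```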