[tac_plus] Need help with do_auth config
Asif Iqbal
vadud3 at gmail.com
Sun Jun 15 23:31:17 UTC 2014
Modified the config with the right user name and still the same error.
On Sun, Jun 15, 2014 at 7:09 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
> Let me know if there is a separate mailing list for do_auth related
> questions.
>
> So I am trying to follow the do_auth.ini syntax and need some help.
>
> I have set up the config file like below and it is failing to authorize.
>
> Here is the do_auth.ini file
>
> [users]
> default =
> noprivs
> foo =
> newgroup
>
iqbala =
newgroup
>
> [newgroup]
> host_allow =
> .*
> command_permit =
> show configuration.*
> device_permit =
> .*
>
> [noprivs]
> host_deny =
> .*
> device_deny =
> .*
> command_deny =
> .*
>
> Here is the error message
>
> Username: iqbala
> Password:
> % Authorization failed.
> Connection closed by foreign host.
>
>
> Here is the relevant part in tacacs.conf
>
> group = doauthaccess {
> after authorization "/usr/bin/python /root/do_auth/do_auth.pyc -i
> $address -fix_crs_bug -u $user -d $name -l /root/do_auth/do_auth.log -f
> /root/do_auth/do_auth.ini"
> }
>
> user = foo {
> login = PAM
> member = doauthaccess
>
}
>
> user = iqbala {
login = PAM
member = doauthaccess
}
> If I change the member to another group which is regular group
> and not using after authorization, user "foo" can login fine.
>
> I must not be doing something right.
>
> Please advise.
>
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?