[tac_plus] Need help with do_auth config
Asif Iqbal
vadud3 at gmail.com
Sun Jun 15 23:09:25 UTC 2014
Let me know if there is a separate mailing list for do_auth related
questions.
So I am trying to follow the do_auth.ini syntax and need some help.
I have setup the config file like below and failing to authorize.
Here is the do_auth.ini file
[users]
default =
noprivs
foo =
newgroup
[newgroup]
host_allow =
.*
command_permit =
show configuration.*
device_permit =
.*
[noprivs]
host_deny =
.*
device_deny =
.*
command_deny =
.*
Here is the error message
Username: iqbala
Password:
% Authorization failed.
Connection closed by foreign host.
Here is the relevant part in tacacs.conf
group = doauthaccess {
after authorization "/usr/bin/python /root/do_auth/do_auth.pyc -i
$address -fix_crs_bug -u $user -d $name -l /root/do_auth/do_auth.log -f
/root/do_auth/do_auth.ini"
}
user = foo {
login = PAM
member = doauthaccess
}
If I change the member to another group which is regular group
and not using after authorization, user ``foo'' can login fine.
I must not do doing something right.
Please advise.
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20140615/69fb3916/attachment.html>
More information about the tac_plus
mailing list