[tac_plus] TACPLUS AD Authentication

Asif Iqbal vadud3 at gmail.com
Thu Jun 19 16:40:11 UTC 2014


On Wed, Apr 16, 2014 at 10:54 AM, Daniel Schmidt <daniel.schmidt at wyo.gov>
wrote:

> I guess that would work if you wanted EVERY ad user to have access.  Full
> access, at that.
>
> If you priv_15 everybody, they shouldn't need an enable password.  Doesn't
> seem to work for the ASA though.  Give everybody one generic enable password
> maybe.
>



Or maybe include this patch that Matt Addison is referring to in the
original code?

https://gist.github.com/ragzilla/11297928






>
> On Wed, Apr 16, 2014 at 8:47 AM, Linda Slater <lslater at yorku.ca> wrote:
>
> > Couple questions:
> >
> > I am using PAM_LDAP  to authenticate our users via AD.    The additional
> > requirements are now:
> >
> >
> >
> > 1. No usernames in the Tac+ config file, I will define only groups and use
> > AD groupings to decide if that user can be allowed to access a network
> > device.   Does anyone have any examples using this method?  Currently,  I
> > have the user name ......  login = PAM, listed in the tac...config file.
> >
> > 2. Each user that logs into the network device must use their AD
> > password to gain enable access to the network device.   Is anyone using
> > this method to allow users enable access, given that the Tac+ enable
> > password cannot be pointed to PAM?   Each user will be using their own
> > AD login credentials.
> >
> >
> > Regards,
> > Linda Slater | Senior Network Designer, Network Development | University
> > Information Technology
> > 010 Steacie Science and Engineering Library | York University | 4700 Keele
> > St. , Toronto ON Canada M3J 1P3
> > T: +1.416.736.2100 ext 22733 | F: +1.416.736.5830 | lslater at yorku.ca |
> > www.yorku.ca
> >



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?