[tac_plus] TACPLUS AD Authentication

Daniel Schmidt daniel.schmidt at wyo.gov
Thu Jun 19 21:14:08 UTC 2014


Arg.

$ patch -p0 < pamenable.patch
patching file tacacs+-F4.0.4.27a/aceclnt_fn.c
Hunk #1 FAILED at 193.
1 out of 1 hunk FAILED -- saving rejects to file
tacacs+-F4.0.4.27a/aceclnt_fn.c.rej
patching file tacacs+-F4.0.4.27a/config.c
Hunk #1 FAILED at 1220.
Hunk #2 FAILED at 1908.
2 out of 2 hunks FAILED -- saving rejects to file
tacacs+-F4.0.4.27a/config.c.rej
patching file tacacs+-F4.0.4.27a/enable.c
Hunk #1 FAILED at 53.
1 out of 1 hunk FAILED -- saving rejects to file
tacacs+-F4.0.4.27a/enable.c.rej
patching file tacacs+-F4.0.4.27a/pwlib.c
Hunk #2 succeeded at 592 with fuzz 1.
patching file tacacs+-F4.0.4.27a/tacacs.h
patch unexpectedly ends in middle of line
Hunk #1 FAILED at 482.
1 out of 1 hunk FAILED -- saving rejects to file
tacacs+-F4.0.4.27a/tacacs.h.rej



On Thu, Jun 19, 2014 at 10:40 AM, Asif Iqbal <vadud3 at gmail.com> wrote:

>
> On Wed, Apr 16, 2014 at 10:54 AM, Daniel Schmidt <daniel.schmidt at wyo.gov>
> wrote:
>
>> I guess that would work if you wanted EVERY ad user to have access.  Full
>> access, at that.
>>
>> If you priv_15 everybody, they shouldn't need an enable password.  Doesn't
>> seem 2 work 4 the ASA though.  Give everybody one generic enable password
>> maybe.
>>
>
> Or maybe include this patch that Matt Addison is referring to in the
> original code?
>
> https://gist.github.com/ragzilla/11297928
>
>>
>> On Wed, Apr 16, 2014 at 8:47 AM, Linda Slater <lslater at yorku.ca> wrote:
>>
>> > Couple questions:
>> >
>> > I am using PAM_LDAP to authenticate our users via AD. The additional
>> > requirements are now:
>> >
>> > 1. No usernames in the Tac+ config file; I will define only groups and use
>> > AD groupings to decide if that user can be allowed to access a network
>> > device. Does anyone have any examples using this method? Currently, I
>> > have the user name ......  login = PAM, listed in the tac...config file.
>> >
>> > 2. Each user that logs in to the network device must use their AD
>> > password to gain enable access to the network device. Is anyone using
>> > this method to allow users enable access, given that the Tac+ enable
>> > password cannot be pointed to PAM? Each user will be using their own
>> > AD login credentials.
>> >
>> > Regards,
>> > Linda Slater | Senior Network Designer, Network Development | University
>> > Information Technology
>> > 010 Steacie Science and Engineering Library | York University | 4700 Keele
>> > St. , Toronto ON Canada M3J 1P3
>> > T: +1.416.736.2100 ext 22733 | F: +1.416.736.5830 | lslater at yorku.ca |
>> > www.yorku.ca
>> >
>> > York UIT will NEVER send unsolicited requests for passwords or other
>> > personal information via email. Messages requesting such information are
>> > fraudulent and should be deleted.
>> > _______________________________________________
>> > tac_plus mailing list
>> > tac_plus at shrubbery.net
>> > http://www.shrubbery.net/mailman/listinfo/tac_plus
>> >
>>
>>
>> E-Mail to and from me, in connection with the transaction
>> of public business, is subject to the Wyoming Public Records
>> Act and may be disclosed to third parties.
>>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.