[tac_plus] TACPLUS AD Authentication

Asif Iqbal vadud3 at gmail.com
Thu Jun 19 21:58:52 UTC 2014


I ended up patching manually. It's in the github.com/asifiqbal/tac_plus ragzilla
branch.
On Jun 19, 2014 5:14 PM, "Daniel Schmidt" <daniel.schmidt at wyo.gov> wrote:

> Arg.
>
> $ patch -p0 < pamenable.patch
> patching file tacacs+-F4.0.4.27a/aceclnt_fn.c
> Hunk #1 FAILED at 193.
> 1 out of 1 hunk FAILED -- saving rejects to file
> tacacs+-F4.0.4.27a/aceclnt_fn.c.rej
> patching file tacacs+-F4.0.4.27a/config.c
> Hunk #1 FAILED at 1220.
> Hunk #2 FAILED at 1908.
> 2 out of 2 hunks FAILED -- saving rejects to file
> tacacs+-F4.0.4.27a/config.c.rej
> patching file tacacs+-F4.0.4.27a/enable.c
> Hunk #1 FAILED at 53.
> 1 out of 1 hunk FAILED -- saving rejects to file
> tacacs+-F4.0.4.27a/enable.c.rej
> patching file tacacs+-F4.0.4.27a/pwlib.c
> Hunk #2 succeeded at 592 with fuzz 1.
> patching file tacacs+-F4.0.4.27a/tacacs.h
> patch unexpectedly ends in middle of line
> Hunk #1 FAILED at 482.
> 1 out of 1 hunk FAILED -- saving rejects to file
> tacacs+-F4.0.4.27a/tacacs.h.rej
>
>
>
> On Thu, Jun 19, 2014 at 10:40 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
>>
>>
>>
>> On Wed, Apr 16, 2014 at 10:54 AM, Daniel Schmidt <daniel.schmidt at wyo.gov>
>> wrote:
>>
>>> I guess that would work if you wanted EVERY AD user to have access. Full
>>> access, at that.
>>>
>>> If you priv_15 everybody, they shouldn't need an enable password. Doesn't
>>> seem to work for the ASA though. Give everybody one generic enable password
>>> maybe.
>>>
>>
>>
>>
>> Or maybe include this patch that Matt Addison is referring to in the
>> original code?
>>
>> https://gist.github.com/ragzilla/11297928
>>
>>
>>
>>
>>
>>
>>>
>>> On Wed, Apr 16, 2014 at 8:47 AM, Linda Slater <lslater at yorku.ca> wrote:
>>>
>>> > Couple questions:
>>> >
>>> > I am using PAM_LDAP to authenticate our users via AD. The additional
>>> > requirements are now:
>>> >
>>> > 1. No usernames in the Tac+ config file, I will define only groups and use
>>> > AD groupings to decide if that user can be allowed to access a network
>>> > device. Does anyone have any examples using this method? Currently, I
>>> > have the user name ......  login = PAM, listed in the tac...config file.
>>> >
>>> > 2. Each user that logs into the Network device must use their AD
>>> > password to gain enable access to the network device. Is anyone using
>>> > this method to allow users enable access, given that the Tac+ enable
>>> > password cannot be pointed to PAM? Each user will be using their own
>>> > AD login credentials.
>>> >
>>> >
>>> > Regards,
>>> > Linda Slater | Senior Network Designer, Network Development | University
>>> > Information Technology
>>> > 010 Steacie Science and Engineering Library | York University | 4700 Keele
>>> > St., Toronto ON Canada M3J 1P3
>>> > T: +1.416.736.2100 ext 22733 | F: +1.416.736.5830 | lslater at yorku.ca |
>>> > www.yorku.ca
>>> >
>>> > York UIT will NEVER send unsolicited requests for passwords or other
>>> > personal information via email. Messages requesting such information are
>>> > fraudulent and should be deleted.
>>> > _______________________________________________
>>> > tac_plus mailing list
>>> > tac_plus at shrubbery.net
>>> > http://www.shrubbery.net/mailman/listinfo/tac_plus
>>> >
>>>
>>>
>>> E-Mail to and from me, in connection with the transaction
>>> of public business, is subject to the Wyoming Public Records
>>> Act and may be disclosed to third parties.
>>
>>
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>>
>>
>