[tac_plus] Problem with creating Multiple groups for a single user. (creating composite groups)
Mohan Reddy
mreddy at aristanetworks.com
Mon Mar 17 22:49:49 UTC 2014
Hi,
I am trying to create a composite group to assign to a user, but it's
not working and the tacacs service fails when restarted. Below is the link
which I followed:
http://www.shrubbery.net/pipermail/tac_plus/2007-August/000125.html
Below are the package details I currently have on my system:
Version: 4.0.4.19-11build1
Depends: libc6 (>= 2.14), libpam0g (>= 0.99.7.1), libtacacs+1, libwrap0 (>= 7.6-4~), adduser, python
Conffiles:
 /etc/logrotate.d/tacacs+ cabd142065137950856da3a031d7121b
 /etc/default/tacacs+ d794c7a21bf0a2fb3e8276958d096474
 /etc/init.d/tacacs_plus 56440b8721635d29ff42fea7d906c55d
 /etc/tacacs+/tac_plus.conf a2d54ccc38d35fb06e5f08b4be23f17a
Description: TACACS+ authentication daemon
 TACACS+ is a protocol (not TACACS or XTACACS) for authentication,
 authorization and accounting (AAA) services for routers and network devices.
Original-Maintainer: Henry-Nicolas Tourneur <henry.nicolas at tourneur.be>
Homepage: http://www.shrubbery.net/tac_plus/
Below is a sample of my configuration:
acl = 1 {
    permit = ^10\.190\.0\.
}
acl = 2 {
    permit = ^172\.22\.
}
#test
group = readonly1 {
    default service = deny
    acl = 1
    service = exec {
        priv-lvl = 2
    }
    cmd = show {
        permit .*
    }
    cmd = conf {
        permit .*
    }
    cmd = bash {
        deny .*
    }
}
#readonly - account
group = readonly2 {
    default service = deny
    acl = 2
    service = exec {
        priv-lvl = 2
    }
    cmd = show {
        permit .*
    }
    cmd = enable {
        permit .*
    }
    cmd = conf {
        deny .*
    }
    cmd = bash {
        permit .*
    }
    cmd = clear {
        deny .*
    }
    cmd = exit {
        permit .*
    }
}
#test
group = test_all {
    member = readonly1
    member = readonly2
}
user = mohan {
    default service = deny
    member = test_all
}
Thanks,
Mohan