[tac_plus] Problem with creating Multiple groups for a single user. (creating composite groups)
Alan McKinnon
alan.mckinnon at gmail.com
Tue Mar 18 09:02:41 UTC 2014
On 18/03/2014 00:49, Mohan Reddy wrote:
> Hi,
>
> I am trying to create a composite group to assign it to a user but it's
> not working and tacacs service fails when restarted. Below is the link
> which I followed
>
>
>
> http://www.shrubbery.net/pipermail/tac_plus/2007-August/000125.html
Addition to my other mail:
That link you followed requires Kiss's patch to be applied before it
will work. You need to find the patch code, apply it and recompile.
>
> Below are the package details I currently have on my system
>
> Version: 4.0.4.19-11build1
> Depends: libc6 (>= 2.14), libpam0g (>= 0.99.7.1), libtacacs+1, libwrap0 (>= 7.6-4~), adduser, python
> Conffiles:
>  /etc/logrotate.d/tacacs+ cabd142065137950856da3a031d7121b
>  /etc/default/tacacs+ d794c7a21bf0a2fb3e8276958d096474
>  /etc/init.d/tacacs_plus 56440b8721635d29ff42fea7d906c55d
>  /etc/tacacs+/tac_plus.conf a2d54ccc38d35fb06e5f08b4be23f17a
> Description: TACACS+ authentication daemon
>  TACACS+ is a protocol (not TACACS or XTACACS) for authentication,
>  authorization and accounting (AAA) services for routers and network devices.
> Original-Maintainer: Henry-Nicolas Tourneur <henry.nicolas at tourneur.be>
> Homepage: http://www.shrubbery.net/tac_plus/
>
> Below is a sample of my configuration
>
> acl = 1 {
>     permit = ^10\.190\.0\.
> }
> acl = 2 {
>     permit = ^172\.22\.
> }
>
> #test
> group = readonly1 {
>     default service = deny
>     acl = 1
>     service = exec {
>         priv-lvl = 2
>     }
>     cmd = show {
>         permit .*
>     }
>     cmd = conf {
>         permit .*
>     }
>     cmd = bash {
>         deny .*
>     }
> }
>
> #readonly - account
> group = readonly2 {
>     default service = deny
>     acl = 2
>     service = exec {
>         priv-lvl = 2
>     }
>     cmd = show {
>         permit .*
>     }
>     cmd = enable {
>         permit .*
>     }
>     cmd = conf {
>         deny .*
>     }
>     cmd = bash {
>         permit .*
>     }
>     cmd = clear {
>         deny .*
>     }
>     cmd = exit {
>         permit .*
>     }
> }
>
> #test
> group = test_all {
>     member = readonly1
>     member = readonly2
> }
>
> user = mohan {
>     default service = deny
>     member = test_all
> }
>
> Thanks,
>
> Mohan
--
Alan McKinnon
alan.mckinnon at gmail.com
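
A pre-restart check for the situation in this thread, as an added example that is not part of the original message or of tac_plus itself: it scans a configuration for `user` or `group` blocks that carry more than one `member =` line, the composite-group form that, per the reply above, only works once the patch is applied. The sample configuration is constructed from the quoted one, the function name is hypothetical, and the parser assumes one statement per line with `{` ending each declaration line.

```python
import re

# Constructed sample, reduced from the configuration quoted in the message.
SAMPLE_CONF = r"""
group = readonly1 {
    default service = deny
    acl = 1
    service = exec {
        priv-lvl = 2
    }
}
group = readonly2 {
    default service = deny
    acl = 2
}
group = test_all {
    member = readonly1
    member = readonly2
}
user = mohan {
    default service = deny
    member = test_all
}
"""

DECL = re.compile(r"^(user|group)\s*=\s*(\S+)\s*\{$")
MEMBER = re.compile(r"^member\s*=\s*(\S+)$")

def find_multi_member(conf_text):
    """Return [(kind, name, [members])] for user/group blocks with >1 member line."""
    findings, current, depth = [], None, 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop '#' comments (simplification)
        if not line:
            continue
        if depth == 0:
            m = DECL.match(line)             # only user/group blocks are tracked
            current = (m.group(1), m.group(2), []) if m else None
        elif depth == 1 and current:
            m = MEMBER.match(line)           # ignore anything inside service/cmd blocks
            if m:
                current[2].append(m.group(1))
        depth += line.count("{") - line.count("}")
        if depth == 0 and current:           # block just closed
            if len(current[2]) > 1:
                findings.append(current)
            current = None
    return findings
```

A non-empty result means the file relies on multiple group membership and should not be loaded into an unpatched daemon.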