[tac_plus] Authentication using Likewise and AD

John Fraizer john at op-sec.us
Mon Mar 30 21:56:50 UTC 2015


Make sure you've got PAM development libs installed.

John Fraizer
--Sent from my Android phone.
Please excuse any typos.
On Mar 30, 2015 2:53 PM, "Matt Almgren" <matta at surveymonkey.com> wrote:

>  It looks like pam libraries aren’t installed correctly and I can’t find
> the proper one to install, if it even matters:
>
>  My install says “no” to this output message.  But the PAM_guide on the
> shrubbery site says it should be saying “yes"
>
> *      checking for pam_start in -lpam... yes
>
> If that says yes, then the daemon will compile with pam support. If it
> says no, then configure is unable to find your pam libraries. Make sure
> you performed Step 1.*
>
> I assume this is important, or should I skip it and try to install without it?
>
>
> Thanks, Matt
>
>
>
>
>
>
>
>   From: John Fraizer <john at op-sec.us>
> Date: Monday, March 30, 2015 at 12:53 PM
> To: Matt Almgren <matta at surveymonkey.com>
> Cc: "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
> Subject: Re: [tac_plus] Authentication using Likewise and AD
>
>   Configure tac_plus to use password = PAM and it will authenticate via
> whatever mechanism(s) PAM is configured to use.  With that said, bear in
> mind that using LDAP for network auth isn't exactly the best idea.  When
> you have a problem with your LDAP server, tac_plus doesn't know.  It just
> acts as if your credentials are wrong and you're unable to log into network
> devices.  It is even MORE fun because you can't even log into your tac_plus
> server and shut down tac_plus so your network devices will use "local"
> authentication because the server is ALSO using LDAP to authenticate.
>
>  Just some things to keep in mind.
>
>   --
> John Fraizer
> LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
>
>
>
> On Mon, Mar 30, 2015 at 11:36 AM, Matt Almgren <matta at surveymonkey.com>
> wrote:
>
>>
>> Hello all, I’ve recently joined another company that uses Likewise for
>> authentication against AD.   Does anyone have any experience working with
>> Likewise and using it with TAC+?  I’m assuming that if I configure PAM with
>> TAC+, it will pass those authentication requests on to the AD server?
>>
>> We’re running Ubuntu 14.04.1 LTS and the latest version of tac_plus, if
>> that helps.
>>
>> Thanks, Matt
>>
>>
>> --
>> Matt Almgren
>> Sr. Networking Engineer | SurveyMonkey
>>
>>
>>
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://www.shrubbery.net/pipermail/tac_plus/attachments/20150330/8a6e9d43/attachment.html
>> >
>> _______________________________________________
>> tac_plus mailing list
>> tac_plus at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/tac_plus
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20150330/04ed350a/attachment.html>


More information about the tac_plus mailing list