[tac_plus] Authentication using Likewise and AD

Matt Almgren matta at surveymonkey.com
Mon Mar 30 22:01:29 UTC 2015 

Ah found it…


  sudo apt-get install libpam0g-dev

Thanks, Matt





From: Matt Almgren <matta at surveymonkey.com<mailto:matta at surveymonkey.com>>
Date: Monday, March 30, 2015 at 2:53 PM
To: John Fraizer <john at op-sec.us<mailto:john at op-sec.us>>
Cc: "tac_plus at shrubbery.net<mailto:tac_plus at shrubbery.net>" <tac_plus at shrubbery.net<mailto:tac_plus at shrubbery.net>>
Subject: Re: [tac_plus] Authentication using Likewise and AD

It looks like pam libraries aren’t installed correctly and I can’t find the proper one to install, if it even matters:

My install says “no” to this output message.  But the PAM_guide on the shrubbery site says it should be saying “yes"

      checking for pam_start in -lpam... yes

If that says yes, then the daemon will compile with pam support. If it
says no, then configure is unable to find your pam libraries. Make sure
you performed Step 1.

I assume this is important, or should I skip it and try to install without it?


Thanks, Matt






From: John Fraizer <john at op-sec.us<mailto:john at op-sec.us>>
Date: Monday, March 30, 2015 at 12:53 PM
To: Matt Almgren <matta at surveymonkey.com<mailto:matta at surveymonkey.com>>
Cc: "tac_plus at shrubbery.net<mailto:tac_plus at shrubbery.net>" <tac_plus at shrubbery.net<mailto:tac_plus at shrubbery.net>>
Subject: Re: [tac_plus] Authentication using Likewise and AD

Configure tac_plus to use password = PAM and it will authenticate via whatever mechanism(s) PAM is configured to use.  With that said, bear in mind that using LDAP for network auth isn't exactly the best idea.  When you have a problem with your LDAP server, tac_plus doesn't know.  It just acts as if your credentials are wrong and you're unable to log into network devices.  It is even MORE fun because you can't even log into your tac_plus server and shut down tac_plus so your network devices will use "local" authentication because the server is ALSO using LDAP to authenticate.

Just some things to keep in mind.

--
John Fraizer
LinkedIn profile: http://www.linkedin.com/in/johnfraizer/



On Mon, Mar 30, 2015 at 11:36 AM, Matt Almgren <matta at surveymonkey.com<mailto:matta at surveymonkey.com>> wrote:

Hello all, I’ve recently joined another company that uses Likewise for authentication against AD.   Does anyone have any experience working with Likewise and using it with TAC+?  I’m assuming that if I configure PAM with TAC+, it will pass those authentication requests on to the AD server?

We’re running Ubuntu 14.04.1 LTS and the latest version of tac_plus, if that helps.

Thanks, Matt


--
Matt Almgren
Sr. Networking Engineer | SurveyMonkey




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20150330/8a6e9d43/attachment.html>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net<mailto:tac_plus at shrubbery.net>
http://www.shrubbery.net/mailman/listinfo/tac_plus

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20150330/f191009f/attachment.html>

More information about the tac_plus mailing list