[tac_plus] Authentication using Likewise and AD

John Fraizer john at op-sec.us
Tue Mar 31 06:26:31 UTC 2015 

I didn't modify my Pam modules. If you can log in, you can authenticate via
tacacs on my systems.

John Fraizer
--Sent from my Android phone.
Please excuse any typos.
On Mar 30, 2015 9:45 PM, "Matt Almgren" <matta at surveymonkey.com> wrote:

>
>  Hey John/list,
>
>  I’ve been banging my head on this all day.  I’m hoping that since you
> replied you might have some insight into getting TAC+, Likewise, and PAM to
> play nice together.
>
>  I’m assuming that you have a modified pam.d module that handles the
> tac_plus authentication?   I’ve tried to use different variations in my PAM
> module, with no success.  Can you give me some tips on what you have
> working, if you have experience working with Likewise?
>
>  Thanks, Matt
>
>
>
>
>
>   From: John Fraizer <john at op-sec.us>
> Date: Monday, March 30, 2015 at 12:53 PM
> To: Matt Almgren <matta at surveymonkey.com>
> Cc: "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
> Subject: Re: [tac_plus] Authentication using Likewise and AD
>
>   Configure tac_plus to use password = PAM and it will authenticate via
> whatever mechanism(s) PAM is configured to use.  With that said, bear in
> mind that using LDAP for network auth isn't exactly the best idea.  When
> you have a problem with your LDAP server, tac_plus doesn't know.  It just
> acts as if your credentials are wrong and you're unable to log into network
> devices.  It is even MORE fun because you can't even log into your tac_plus
> server and shut down tac_plus so your network devices will use "local"
> authentication because the server is ALSO using LDAP to authenticate.
>
>  Just some things to keep in mind.
>
>   --
> John Fraizer
> LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
>
>
>
> On Mon, Mar 30, 2015 at 11:36 AM, Matt Almgren <matta at surveymonkey.com>
> wrote:
>
>>
>> Hello all, I’ve recently joined another company that uses Likewise for
>> authentication against AD.   Does anyone have any experience working with
>> Likewise and using it with TAC+?  I’m assuming that if I configure PAM with
>> TAC+, it will pass those authentication requests on to the AD server?
>>
>> We’re running Ubuntu 14.04.1 LTS and the latest version of tac_plus, if
>> that helps.
>>
>> Thanks, Matt
>>
>>
>> --
>> Matt Almgren
>> Sr. Networking Engineer | SurveyMonkey
>>
>>
>>
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://www.shrubbery.net/pipermail/tac_plus/attachments/20150330/8a6e9d43/attachment.html
>> >
>> _______________________________________________
>> tac_plus mailing list
>> tac_plus at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/tac_plus
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20150330/cd3f55bf/attachment.html>

More information about the tac_plus mailing list