[tac_plus] Aruba controllers

Cal Man calman at imageworks.com
Fri Dec 9 19:29:20 UTC 2016 

Thanks! I added that to tac_plus.conf and was able to restart the service,
but unfortunately the controllers still cannot authenticate. If anybody has
gotten aruba controllers to work with tac_plus, I'd appreciate if you could
share the relevant portions of the tac_plus.conf.

On Fri, Dec 9, 2016 at 11:10 AM, heasley <heas at shrubbery.net> wrote:

> Thu, Dec 08, 2016 at 09:22:03AM -0800, Cal Man:
> > Hello-
> > I'm having some trouble getting Aruba controllers to authenticate to
> > tac_plus. Aruba TAC tells me the config is right on their side, but the
> > tac_plus server shows a login failure in the logs. Accounting works,
> > though. Full AAA is working fine for our Arista, Juniper, and Brocade
> gear.
> >
> > My research has indicated that I need to add "protocol = common" to the
> > config, but anywhere I add it, the service will not restart. Here's the
> > relevant portion of the config that I do have.
> >
> > group = admin {
> >   default service = permit
> >   login = PAM
> >   acl = default
> >   pap = cleartext "aruba"
> >   service = aruba {
> >     Aruba-Admin-Role = root
> > #  protocol = common !this is where I suspect it's supposed to go
>
> its normally like:
> service = aruba protocol = common {
> }
>
> but this does not work for service aruba.  if you mean to send a AVP that
> is named "protocol":
>
> service = aruba {
>         "protocol" = common
> }
>
> >   }
> >   service = AMP {
> >     role = "AMP Administrator"
> >   }
> >   service = exec {
> >     priv-lvl = 15
> >   }
> > user = me {
> >   member = admin
> >   login = PAM
> >   }
> > }
> >
> > I would appreciate any help.
> >
> > Thanks,
> > Cal
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <http://www.shrubbery.net/pipermail/tac_plus/
> attachments/20161208/66ad63b3/attachment.html>
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus
>



-- 
*Cal Man*


M:604-724-6595
L:604-673-2737
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20161209/e9b40b76/attachment.html>

More information about the tac_plus mailing list