[tac_plus] Need help to authenticate to SSH
heasley
heas at shrubbery.net
Mon Feb 1 17:38:10 UTC 2016
Mon, Feb 01, 2016 at 08:40:55AM +0000, Darren Share:
> Hello,
>
> I am currently trying to put myself through a crash course with tac_plus to assist a customer. We sell an NTP server which supports TACACS+ for authentication. The server has a web interface (port 80) and and SSH interface (port 22). A relatively default tac_plus installation on a debian server is allowing us to log in to the web interface but the SSH login (with the same user) is getting rejected. According to the manufacturuer the SSH login is not supported with TACACS+ but I'm convinced it should be able to work as I can see the NTP server is sending requests to the TACACS+ server when we attempt to log in.
>
> This is the current tac_plus.conf that works with the web login (user "support" is an existing user on the debian system):
>
> accounting file = /var/log/tac_plus.acct
> key = testing123
>
> user = DEFAULT {
> login = PAM
> service = ppp protocol = ip {}
> }
>
> group = netadmin {
> default service = permit
> login = file /etc/passwd
> service = exec {}
> }
>
> user = support {
> member = netadmin
> }
>
> If I enable debugging on tac_plus (tac_plus -C /etc/tacacs+/tac_plus.conf -g -d 256) this is what I get with a successful web login:
>
please re-send these as attachments; your MUA has trashed the formatting and
it is difficult to read.
More information about the tac_plus
mailing list