[tac_plus] Install with do_auth

Daniel Schmidt daniel.schmidt at wyo.gov
Tue Jan 17 21:41:19 UTC 2017


We're on 1.13 actually.  Try that.
https://github.com/jathanism/do_auth


Off of the top of my head, this here:
/usr/bin/python /usr/local/sbin/tacplus/do_auth.py -i $address -fix_crs_bug
-u $user -d $name -l /var/log/tacacs/do_auth_log -f
/usr/local/sbin/tacplus/do_auth.ini

Run that as your tac_plus user,  fill in your values and add -D.  See if it
gives you some output or an error.  And you probably don't need -fix_crs_bug
if you upgrade as I believe Jathan fixed that kludge.



On Tue, Jan 17, 2017 at 12:50 PM, <Kevin.Cruse at instinet.com> wrote:

> I am in the process of migrating to centos 7 and have setup the following
> environment:
>
> CentOS Linux release 7.2.1511
> tac_plus version F4.0.4.28
> do_auth.py v1.9
>
> The problem I am having is users will authenticate properly to tac_plus,
> however, the 'after authorization' is never called and user ends up with
> full control on router. It's been awhile since I setup our centos 6 servers
> with tacplus and wonder if I need to build from source with specific
> switches to support do auth? I cannot for the life of me figure out why
> 'after authorization' is not called! I've copied the same config from
> production (currently working perfectly) and cannot get this to work. Any
> ideas/thoughts/suggestions? im banging my head on this one.
>
>  group = default_group {
>         default service = permit
>         service = exec {
>         priv-lvl = 0
>         shell:roles=\"\\"network-operator\\""
>         }
>         after authorization "/usr/bin/python /usr/local/sbin/tacplus/do_auth.py
> -i $address -fix_crs_bug -u $user -d $name -l /var/log/tacacs/do_auth_log
> -f /usr/local/sbin/tacplus/do_auth.ini"
>
>  }
>
>
> Thanks
>
> -----------------------------------------------------------------
> *Kevin Cruse*
> US Networks
> Instinet LLC
> 309 West 49th Street
> New York, NY 10019 US
> kevin.cruse at instinet.com
> 212-310-4734 <(212)%20310-4734>
>
>
> ============================================================
> =============================================
>
> *<<<< Disclaimer >>>>*
>
> This message, including all attachments, is private and confidential, may
> contain proprietary or privileged information and material and is intended
> solely for use by the named addressee(s). If you receive this transmission
> in error, please immediately notify the sender and destroy this message in
> its entirety, whether in electronic or hard copy format. Any unauthorized
> use (and reliance thereon), copying, disclosure, retention, or distribution
> of this transmission or the material herein is forbidden. We reserve the
> right to retain, monitor, intercept and archive electronic communications.
> This message does not constitute an offer or solicitation with respect to
> the purchase or sale of any security. It should not be construed to contain
> any recommendation regarding any security or strategy unless expressly
> stated therein. Any reference to the terms of executed transactions should
> be treated as preliminary only and subject to formal written confirmation.
> Any views expressed are those of the individual sender, except where the
> message states otherwise and the sender is authorized to state them to be
> the views of any such entity. This message is provided on an “as is” basis.
> It contains material that is owned by Instinet Incorporated, its
> subsidiaries or its or their licensors, and may not, in whole or in part,
> be (i) copied, photocopied or duplicated in any form, by any means, or (ii)
> redistributed, posted, published, excerpted, or quoted without Instinet
> Incorporated's prior written consent. No confidentiality or privilege is
> waived or lost by any mistransmission of this message. Instinet, LLC
> (member SIPC) and Instinet Canada Limited (member IIROC/CIPF) are
> subsidiaries of Instinet Incorporated that are locally registered or
> otherwise authorized to provide securities brokerage products and services.
> Please refer to the following link for additional disclosures and
> disclaimers that apply to this message: http://instinet.com/docs/
> legal/le_disclaimers.html.
> <http://instinet.com/docs/legal/le_disclaimers.html> Effective July 1,
> 2014, Canada introduced Canadian Anti-Spam Legislation ("CASL"). As a
> Canadian resident you are receiving this electronic communication because
> of your existing relationship with Instinet Canada Limited ("ICL") or an
> authorized affiliate. Canadian residents who wish to unsubscribe from
> commercial electronic messages: please e-mail iclcompliance at instinet.com.
> Please note that you will continue to receive non-commercial electronic
> messages, such as account statements, invoices, client communications, and
> other similar factual electronic communications.
>
>
>
> ============================================================
> =============================================
>
>

-- 

E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20170117/539dc96f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 60645993.gif
Type: image/gif
Size: 4077 bytes
Desc: not available
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20170117/539dc96f/attachment.gif>


More information about the tac_plus mailing list