[tac_plus] TACACS+ config group syntax for Arbor

heasley heas at shrubbery.net
Thu Nov 9 23:42:51 UTC 2017 

Thu, Nov 09, 2017 at 04:38:39PM -0500, Asif Iqbal:
> Hi All.
> 
> Any one doing TACACS+ with Arbor? We can authenticate fine, but failing to
> get into shell mode.
> 
> with -d 8 -d 16 I get no following log when run shell command, and Arbor
> says "970: Command requires higher privilege"
> 
> Thu Nov  9 21:23:25 2017 [3079]: login query for 'iqbala' port tty?? from
> > 192.168.1.100 accepted
> > Thu Nov  9 21:23:25 2017 [3113]: connect from 192.168.1.100 [192.168.1.100]
> > Thu Nov  9 21:23:25 2017 [3113]: Start authorization request
> > Thu Nov  9 21:23:25 2017 [3113]: do_author: user='iqbala'
> > Thu Nov  9 21:23:25 2017 [3113]: user 'iqbala' found
> > Thu Nov  9 21:23:25 2017 [3113]: svc=N_svc protocol= not found, denied by
> > default

enable the packet dump debug to see what service the device is sending.
you dont have that service in the config so its going to the default.

> > Thu Nov  9 21:23:25 2017 [3113]: authorization query for 'iqbala' login
> > from 192.168.1.100 rejected
> > Thu Nov  9 21:23:25 2017 [3122]: connect from 192.168.1.100 [192.168.1.100]
> > Thu Nov  9 21:23:25 2017 [3122]: Start authorization request
> > Thu Nov  9 21:23:25 2017 [3122]: do_author: user='iqbala'
> > Thu Nov  9 21:23:25 2017 [3122]: user 'iqbala' found
> > Thu Nov  9 21:23:25 2017 [3122]: svc=N_svc protocol= not found, denied by
> > default
> > Thu Nov  9 21:23:25 2017 [3122]: authorization query for 'iqbala' login
> > from 192.168.1.100 rejected
> 
> 
> 
> 
> Appreciate any help!
> 
> 
> -- 
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20171109/d2c152fb/attachment.html>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus

More information about the tac_plus mailing list