[tac_plus] Need your help

Daniel Schmidt daniel.schmidt at wyo.gov
Mon Mar 19 14:49:41 UTC 2018


Are Brocade FOS switches capable of authorization?

On Fri, Mar 16, 2018 at 11:42 PM, 83358066 <83358066 at qq.com> wrote:

> Hi Dear Shrubbery,
>
> Thank you very much for your contributions to the excellent TACACS
> plus tools. Currently we plan to test TACACS plus to manage a Brocade
> SAN switch. Most of the functions are working well and are very powerful, but
> on one point we still have an issue. Would you kindly help by providing
> some advice? Thanks in advance.
>
> The question we have is this: we defined the groups and users, and, for example,
> I want to forbid users in the group usergroup from running the
> explicit command "reboot". As we know, the Brocade FOS command mode is
> not the same as Cisco's. We found the setting was not in effect, and the command
> "reboot" can still be run after the user is authorized by the tac_plus server
> daemon. So would you kindly let me know how I can configure it to forbid
> an explicit command like "reboot" from being executed, so that it takes effect? Thanks for
> your support!
>
> Our settings for the tac_plus config are as follows:
>
> group = usergroup {
>          default service = permit
>          login = file /etc/passwd
>          enable = file /etc/passwd
>          cmd = reboot {
>                  deny .*
>          }
> }
>
>
>  user = stuser {
>          member = usergroup
>          login = file /etc/passwd
>          service = exec {
>                  brcd-role = Admin
>                  brcd-AV-Pair1 = "homeLF=128;LFRoleList=1-128"
>                  brcd-AV-Pair2 = "chassisRole=switchadmin"
>          }
> }

-- 

E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.