[tac_plus] HWTACACS Compatible - Question

Saymon Araújo saymon at online.net.br
Wed Nov 14 10:40:17 UTC 2018


Hello,

Thank you Bruce. I will do that and return with the results.
Thank you all for the attention.

Regards,



On Wed, Nov 14, 2018 at 00:02, Bruce Ferrell <bferrell at baywinds.org>
wrote:

> On 11/13/18 3:31 PM, heasley wrote:
> > Tue, Nov 13, 2018 at 04:53:55PM -0300, Saymon Araújo:
> >> Hello,
> >>
> >> In the Huawei documentation they said that it's compatible, but some
> >> headers may be different.
> >> On my switches I can log in using tacacs+ users, but the permissions of
> >> the users are wrong.
> >>
> >> Regards,
> > I have no experience with it, but glancing through the RFC, I concluded
> > that there seemed to be non-trivial differences that I do not expect to
> > work with daemon.  I could be wrong.  Does the device not support
> > tacacs+?
> >
> >>
> >> On Tue, Nov 13, 2018 at 16:49, heasley <heas at shrubbery.net> wrote:
> >>
> >>> Tue, Nov 13, 2018 at 02:42:09PM -0300, Saymon Araújo:
> >>>> Hello,
> >>>>
> >>>> Can we make your implementation of tacacs+ compatible with HWTacacs ?
> >>> no, sorry.  only tacacs+
> >>>
> I have what I term a "dirty wireshark trick" for debugging this type of
> thing and often get people yelling at me for it, telling me to look at the
> logs, but it's worked every time I've done it. Sometimes the logs don't
> tell me what I need to see or I have to fiddle with them.
>
> This assumes you know the shared secret.  If you don't, this has no way to
> work.
>
> Collect a packet capture of the traffic between a working device and the
> tacacs(+) server in question.
>
> Then do it again for the non-working device.
>
> Start wireshark and go to edit/preferences/protocols. Locate tacacs+ in
> the list and click on it.
>
> Put the shared secret into the field for TACACS+ encryption key.
>
> Now open each of the capture files with wireshark.  You can now see the
> data, including attributes requested and received.
>
> When you're done, be sure to clear the key in wireshark.
>
>
>
>
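
What Wireshark does with the shared secret in the procedure quoted above, as an added example that is not part of the original thread or of tac_plus: RFC 8907 body de-obfuscation, followed by parsing an authorization REPLY, the packet that carries the privilege attributes. The key, session id and packet are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907 header flag
TAC_PLUS_AUTHOR = 0x02            # packet type: authorization

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 4.5: MD5 chain over session_id, key, version, seq_no."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each block feeds the next
        pad += block
    return pad[:length]

def decode_packet(packet, key):
    """Return (header fields, cleartext body) for one TACACS+ packet."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBB4sI", packet[:12])
    body = packet[12:12 + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        pad = pseudo_pad(session_id, key, version, seq_no, length)
        body = bytes(b ^ p for b, p in zip(body, pad))
    return {"type": ptype, "seq_no": seq_no}, body

def author_reply_args(body):
    """Parse an authorization REPLY body; return (status, attribute-value pairs)."""
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len
    if pos + sum(arg_lens) != len(body):
        raise ValueError("lengths inconsistent: wrong key or not an authorization reply")
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("ascii", "replace"))
        pos += n
    return status, args

def build_sample(key):
    """Constructed sample: authorization REPLY (PASS_ADD) carrying priv-lvl=15."""
    args = [b"priv-lvl=15", b"idletime=10"]
    body = struct.pack("!BBHH", 0x01, len(args), 0, 0) + bytes(len(a) for a in args) + b"".join(args)
    session_id = bytes.fromhex("1a2b3c4d")
    pad = pseudo_pad(session_id, key, 0xC0, 2, len(body))
    header = struct.pack("!BBBB4sI", 0xC0, TAC_PLUS_AUTHOR, 2, 0, session_id, len(body))
    return header + bytes(b ^ p for b, p in zip(body, pad))

if __name__ == "__main__":
    key = b"constructed-secret"  # constructed value, not a real secret
    hdr, body = decode_packet(build_sample(key), key)
    print(hdr, author_reply_args(body))
```

Running the same decode over the authorization REPLY from a working and a non-working device shows which attribute-value pairs each device was actually sent.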