LinuxQuestions.org
Old 12-31-2011, 01:48 AM   #1
suraty
LQ Newbie
 
Registered: Dec 2011
Posts: 5

Rep: Reputation: Disabled
TACACS+ daemon + Cisco gear - Question concerning authentication setting


Hello Group,

I am using the following TACACS+ daemon:

TACACS+ daemon: Shrubbery Networks - TACACS+ daemon
URL: http://www.shrubbery.net/tac_plus/

The daemon is configured to reference PAM to take care of authentication.
Code:
group = netadmin {
  default service = permit

  service = exec {
    priv-lvl = 15
  }
}

user = user1 {
  login = PAM
  member = netadmin
}
The authentication / authorization seems to be working when I log in to the Cisco gear. However, it takes me straight to enable mode after login. I am trying to configure TACACS to first bring me to user mode, then to enable mode after typing the command 'enable', then my password respectively.

I would like to keep the 'login = PAM' method as PAM is configured to reference OpenLDAP for passwords.

Any advice will be greatly appreciated.

Regards,
Suraty

Last edited by suraty; 12-31-2011 at 01:51 AM.
 
Old 12-31-2011, 04:08 PM   #2
agentbuzz
Member
 
Registered: Oct 2010
Location: Texas
Distribution: Debian, Ubuntu, CentOS, RHEL
Posts: 131

Rep: Reputation: 25
Cisco privileged exec mode

suraty,
Quote:
priv-lvl = 15
Privilege level 15 is enable mode. Try changing that 15 to a "1".
 
Old 12-31-2011, 05:36 PM   #3
suraty
LQ Newbie
 
Registered: Dec 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Hello agentbuzz,

Thank you for your reply. I get the following error when I try to change to enable mode with 'priv-lvl =1'.

% Error in authentication.

Regards,
Suraty
 
Old 01-01-2012, 12:08 AM   #4
suraty
LQ Newbie
 
Registered: Dec 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Hello Group,

After posting my previous reply, I realized that the enable authentication is not working at all with 'priv-lvl = 15'.
After my initial login to the router, it takes me to enable mode. When I try disable then enable, the router gives me the following message:

Code:
% Error in authentication.
I believe this means I have a problem with my enable settings.
I updated my tac_plus.conf user settings to:

Code:
user = user1 {
  login = PAM
  enable = PAM
  member = netadmin
}
After reload I get the following error:

Code:
expecting 'file', 'cleartext', 'nopassword', or 'des' keyword after 'enable ='
I believe the version of the TACACS+ I am using is incompatible with PAM for enable passwords.

Is there a workaround to get enable authentication working with PAM?

suraty

Last edited by suraty; 01-01-2012 at 12:56 AM.
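
Added example, not part of the thread and not tac_plus's own code: a small Python lint for the two settings discussed above, a `priv-lvl = 15` grant (enable mode at login, per post #2) and an `enable =` value outside the keywords listed in the daemon's error message. The function name `lint_tac_plus` and the simplified brace and comment parsing are assumptions made for illustration.

```python
import re

# Keywords the daemon's own error message (quoted in the thread) accepts after 'enable ='.
ENABLE_KEYWORDS = {"file", "cleartext", "nopassword", "des"}

BLOCK_RE = re.compile(r"^\s*(user|group)\s*=\s*(\S+)\s*\{")
ASSIGN_RE = re.compile(r"^\s*([\w-]+)\s*=\s*(\S+)")

# Constructed sample: the group from post #1 plus the user block from post #4.
SAMPLE = """\
group = netadmin {
  default service = permit
  service = exec {
    priv-lvl = 15
  }
}
user = user1 {
  login = PAM
  enable = PAM
  member = netadmin
}
"""

def lint_tac_plus(conf_text):
    """Return (line_no, owner, message) for each setting the thread ran into."""
    findings, owner, depth = [], None, 0
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # simplification: '#' starts a comment
        block = BLOCK_RE.match(line) if depth == 0 else None
        assign = ASSIGN_RE.match(line) if depth >= 1 else None
        if block:
            # Remember which top-level user/group the nested settings belong to.
            owner = f"{block.group(1)} {block.group(2)}"
        elif assign:
            key, val = assign.groups()
            if key == "enable" and val not in ENABLE_KEYWORDS:
                findings.append((no, owner, f"'enable = {val}' is rejected at load; "
                                 f"accepted: {sorted(ENABLE_KEYWORDS)}"))
            if key == "priv-lvl" and val == "15":
                findings.append((no, owner, "priv-lvl 15 is enable mode: "
                                 "the session starts privileged"))
        depth += line.count("{") - line.count("}")
    return findings

if __name__ == "__main__":
    for no, owner, msg in lint_tac_plus(SAMPLE):
        print(f"line {no} [{owner}]: {msg}")
```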
 
  

