[tac_plus] Re: ACE authentication

John Payne john at sackheads.org
Thu Oct 16 20:54:42 UTC 2008 

On Oct 16, 2008, at 4:11 PM, jathan. wrote:

> Try adding the keyword 'optional' before the conditional  
> shell:Admin.  Example:
>
> service = exec {
>    optional shell:Admin = "Admin default-domain"
> }


Yep... Mr Heasley mentioned this last night, I didn't realise it  
didn't go to the list :)

Thanks!


>
>
> This tells the NAS to ignore this or override it if it doesn't  
> understand it.  Not sure if that will work in this case, but I've  
> used that in the past to enable special-case support for Procket  
> hardware.
>
> On Wed, Oct 15, 2008 at 9:02 PM, John Payne <john at sackheads.org>  
> wrote:
>
>
> On Oct 15, 2008, at 7:12 PM, John Payne <john at sackheads.org> wrote:
>
> >
> > On Oct 14, 2008, at 6:25 PM, John Payne wrote:
> >
> >> Has anyone had luck translating:
> >>
> >> 4. Under the TACACS+ Settings section of the page, configure the
> >> following
> >> settings:
> >> – Click the Shell (exec) check box.
> >> – Click the Custom attributes check box.
> >> – In the text box below Custom attributes, enter the user role and
> >> associated
> >> domain for a specific context in the following format:
> >> shell:<contextname>=<role> <domain1> <domain2>...<domainN>
> >> For example, to assign the selected user to the C1 context with the
> >> role
> >> ROLE1 and the domain DOMAIN1, enter shell:C1=ROLE1 DOMAIN1.
> >>
> >>
> >> Into tac_plus format?   I'm trying various combinations under
> >> service=shell, but I'm getting stuck with the Network-Monitor role,
> >> not the Admin role.
> >
> > Answering my own question:
> >
> >        service = exec {
> >                 shell:Admin = "Admin default-domain"
> >                 }
> >
> > (shell:context = "role domain")
>
> Argh... Except that broke authentication for IOS devices....
>
> Help?
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus
>
>
>
> -- 
> Jathan.
> -

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/tac_plus/attachments/20081016/a3ab065f/attachment.html

More information about the tac_plus mailing list