[tac_plus] Info - Tacacs +

[emvergb at gmail.com]

Hi Charanjit,
You don't need a nested group to achieve all your requirements.  Learn how
authorization scripts work.  It's how I resolved all my requirements of
having different privileges (rw, ro, no access) to every NAS plus command
authorization from a single username.

Regards,
Emver


-----Original Message-----
From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net]
On Behalf Of charanjit singh
Sent: Tuesday, January 25, 2011 7:48 AM
To: tac_plus at shrubbery.net
Subject: [tac_plus] Info - Tacacs +

Hi Team,



I am working as a Network Admin for a company. We are currently setting up a
new Tacacs+ solution for AAA on our devices.



I have a query --



We are running the Tacacs+ daemon on a Unix machine. The authentication 
is working fine on Cisco devices. Now i have added another group for WAN
 Accelerators , its just a Monitoring group



Is it possible that a user can be a member of Cisco Admin group and WAN
Accelerator Monitoring group



As per my checks a user can belong to just one group in Tacacs+.



Can i work towards a solution for my requirement by doing Nested Groups.



Is it possible that i create a Composite Group and then add both the Admin
and WAN Accelerator groups in it as Member Groups. Do you have a sample
configuration >



I tried it but i was unable to compile / save the Configuration file



Any help would be appreciated.



Regards,

Charanjit Jassar


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.shrubbery.net/pipermail/tac_plus/attachments/20110124/1fa39062/a
ttachment.html>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus