From Miha.Petkovsek at telemach.si  Tue Dec 13 09:47:51 2022
From: Miha.Petkovsek at telemach.si (=?Windows-1252?Q?Miha_Petkov=9Aek?=)
Date: Tue, 13 Dec 2022 09:47:51 +0000
Subject: [tac_plus] User authentication to /etc/passwd file on FreeBSD
Message-ID: <DB3PR0102MB340109EA7629216449239AE09CE39@DB3PR0102MB3401.eurprd01.prod.exchangelabs.com>

Hi,

first of all thanks for this software, we use it a lot for router/switch/firewall authentication from different vendors, it does the job well !

Secondly, I am having issue with FreeBSD deployment and authentication of users against system /etc/passwd file. It does not work on FreeBSD system, using last version from ports:
https://www.freshports.org/net/tac_plus4/
FreeBSD nadmin 13.1-RELEASE FreeBSD 13.1-RELEASE releng/13.1-n250148-fc952ac2212 GENERIC amd64

Auth is ok if I specify login for user in tac_plus.conf directly.

I am missing something, should this work on BSD systems ?

Many thanks for reply, keep up the good work !

Br,
Miha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20221213/5b25899a/attachment.htm>

From acruhl at gmail.com  Tue Dec 13 14:30:52 2022
From: acruhl at gmail.com (Andy Ruhl)
Date: Tue, 13 Dec 2022 07:30:52 -0700
Subject: [tac_plus] General questions
Message-ID: <CAJcb3foHWuaEkNLvtVdeXbqKZZ7A=zXD556-805HOpn7+KPq-g@mail.gmail.com>

I don't know if this is appropriate here, but I'll try:

1. What is the current development fork of this software? I found a
few things but figured I'd ask instead of guess.

2. Does anyone run radius/diameter on the same system as tac_plus? Is
it not a good idea for some reason?

Thanks.

Andy


From acruhl at gmail.com  Tue Dec 13 14:40:50 2022
From: acruhl at gmail.com (Andy Ruhl)
Date: Tue, 13 Dec 2022 07:40:50 -0700
Subject: [tac_plus] User authentication to /etc/passwd file on FreeBSD
In-Reply-To: <DB3PR0102MB340109EA7629216449239AE09CE39@DB3PR0102MB3401.eurprd01.prod.exchangelabs.com>
References: <DB3PR0102MB340109EA7629216449239AE09CE39@DB3PR0102MB3401.eurprd01.prod.exchangelabs.com>
Message-ID: <CAJcb3fpeRwqwQJgWNS6YL5Ph6xhzAHAMMCQf7MT8kz3B5V4ctA@mail.gmail.com>

On Tue, Dec 13, 2022 at 7:31 AM Miha Petkov?ek
<Miha.Petkovsek at telemach.si> wrote:
> Auth is ok if I specify login for user in tac_plus.conf directly.
>
> I am missing something, should this work on BSD systems ?

I'm using Linux but I would very much prefer to use BSD...

In my setup I have user entries in tac_plus.conf that match usernames
that actually exist on the system. I thought that was the way it
worked.

Andy


From krux at thcnet.net  Tue Dec 13 17:31:56 2022
From: krux at thcnet.net (krux)
Date: Tue, 13 Dec 2022 09:31:56 -0800
Subject: [tac_plus] User authentication to /etc/passwd file on FreeBSD
In-Reply-To: <CAJcb3fpeRwqwQJgWNS6YL5Ph6xhzAHAMMCQf7MT8kz3B5V4ctA@mail.gmail.com>
References: <DB3PR0102MB340109EA7629216449239AE09CE39@DB3PR0102MB3401.eurprd01.prod.exchangelabs.com>
 <CAJcb3fpeRwqwQJgWNS6YL5Ph6xhzAHAMMCQf7MT8kz3B5V4ctA@mail.gmail.com>
Message-ID: <6f2c775727aee4303855166ca1872108@thcnet.net>

I typically point tac_plus to PAM authentication on the Linux host. That 
also lets you enable things like 2FA via PAM.

user = krux {
   member = SOME_NETWORK
   login = PAM
   pap = PAM
}

And you need a tac_plus entry under /etc/pam.d/tac_plus

On 2022-12-13 06:40, Andy Ruhl wrote:
> On Tue, Dec 13, 2022 at 7:31 AM Miha Petkov?ek
> <Miha.Petkovsek at telemach.si> wrote:
>> Auth is ok if I specify login for user in tac_plus.conf directly.
>> 
>> I am missing something, should this work on BSD systems ?
> 
> I'm using Linux but I would very much prefer to use BSD...
> 
> In my setup I have user entries in tac_plus.conf that match usernames
> that actually exist on the system. I thought that was the way it
> worked.
> 
> Andy
> 
> _______________________________________________
> tac_plus mailing list
> tac_plus at www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/tac_plus