<br><font size=2 face="sans-serif">Hi,</font>
<br>
<br><font size=2 face="sans-serif">I am trying to authenticate the sshd service on a Linux system through TACACS+.</font>
<br>
<br><font size=2 face="sans-serif"><b>Tacacs+ server IP : 10.1.100.114</b></font>
<br><font size=2 face="sans-serif"><b>Network Client : 10.115.111.215</b></font>
<br>
<br><font size=2 face="sans-serif">I am starting tacacs+ using tac_plus -d 8 -C /opt/WiKID/private/tacacs.conf</font>
<br>
<br><font size=2 face="sans-serif"># This file is dynamically written by the WiKID server</font>
<br><font size=2 face="sans-serif"># manual changes to this file will be overwritten almost immediately</font>
<br>
<br><font size=2 face="sans-serif">key = "cooler"</font>
<br><font size=2 face="sans-serif">accounting file = /opt/WiKID/log/tacacs.accounting.log</font>
<br>
<br><font size=2 face="sans-serif">user = chetan {</font>
<br><font size=2 face="sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;default service = permit</font>
<br><font size=2 face="sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;chap = cleartext "605992"</font>
<br><font size=2 face="sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;pap = cleartext "605992"</font>
<br><font size=2 face="sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;arap = cleartext "605992"</font>
<br><font size=2 face="sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;login = des chRQBOhi.agrM</font>
<br><font size=2 face="sans-serif">}</font>
<br>
<br><font size=2 face="sans-serif"><b><u>On the Network Client side:</u></b></font>
<br>
<br><font size=2 face="sans-serif"><b><u>/etc/pam.d/tacacs :</u></b></font>
<br>
<br><font size=2 face="sans-serif">#%PAM-1.0</font>
<br><font size=2 face="sans-serif">auth sufficient /lib/security/pam_tacplus.so debug \ </font>
<br><font size=2 face="sans-serif">server=10.1.100.114 secret=cooler encrypt</font>
<br><font size=2 face="sans-serif">account sufficient /lib/security/pam_tacplus.so debug \</font>
<br><font size=2 face="sans-serif">server=10.1.100.114 secret=cooler encrypt service=shell protocol=ssh</font>
<br><font size=2 face="sans-serif">session sufficient /lib/security/pam_tacplus.so debug \</font>
<br><font size=2 face="sans-serif">server=10.1.100.114 secret=cooler encrypt service=shell protocol=ssh</font>
<br>
<br><font size=2 face="sans-serif"><b><u>/etc/pam.d/sshd :</u></b></font>
<br>
<br><font size=2 face="sans-serif">#%PAM-1.0</font>
<br><font size=2 face="sans-serif">auth sufficient pam_stack.so service=tacacs</font>
<br><font size=2 face="sans-serif">#auth required pam_stack.so service=system-auth</font>
<br><font size=2 face="sans-serif">auth required pam_nologin.so</font>
<br><font size=2 face="sans-serif">account sufficient pam_stack.so service=tacacs</font>
<br><font size=2 face="sans-serif">account required pam_stack.so service=system-auth</font>
<br><font size=2 face="sans-serif">password required pam_stack.so service=system-auth</font>
<br><font size=2 face="sans-serif">session sufficient pam_stack.so service=tacacs</font>
<br><font size=2 face="sans-serif">session required pam_stack.so service=system-auth</font>
<br><font size=2 face="sans-serif">session required pam_limits.so</font>
<br><font size=2 face="sans-serif">session optional pam_console.so</font>
<br>
<br>
<br><font size=2 face="sans-serif">Tacacs+ is not authenticating the credentials.</font>
<br>
<br><font size=2 face="sans-serif"><b>/var/log/messages on Tacacs+ Server shows :</b></font>
<br>
<br><font size=2 face="sans-serif">Jun 26 11:48:15 netmgr tac_plus[28248]: Version F4.0.4.10 Initialized 1</font>
<br><font size=2 face="sans-serif">Jun 26 11:48:30 netmgr tac_plus[28258]: connect from 10.115.111.215 [10.115.111.215]</font>
<br><font size=2 face="sans-serif">Jun 26 11:48:30 netmgr tac_plus[28258]: pap-login query for 'chetan' ssh from 10.115.111.215 rejected</font>
<br>
<br>
<br><font size=2 face="sans-serif">Can you help me figure out what could be the issue?</font>
<br>
<br><font size=2 face="sans-serif">Thanks and Regards,<br>
Chetan Jain<br>
Network Team - IR,<br>
Monitor Group,<br>
131 Free Press House,<br>
Nariman Point, Mumbai.<br>
India</font>