<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Oct 16, 2008, at 4:11 PM, jathan. wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Try adding the keyword 'optional' before the conditional shell:Admin. Example:<br><br>service = exec {<br> optional shell:Admin = "Admin default-domain"<br>}</div></blockquote><div><br></div><div><br></div>Yep... Mr Heasley mentioned this last night, I didn't realise it didn't go to the list :)</div><div><br></div><div>Thanks!</div><div><br></div><div><br><blockquote type="cite"><div dir="ltr"><br><br>This tells the NAS to ignore this or override it if it doesn't understand it. Not sure if that will work in this case, but I've used that in the past to enable special-case support for Procket hardware. <br> <br><div class="gmail_quote">On Wed, Oct 15, 2008 at 9:02 PM, John Payne <span dir="ltr"><<a href="mailto:john@sackheads.org">john@sackheads.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div class="Ih2E3d"><br> <br> On Oct 15, 2008, at 7:12 PM, John Payne <<a href="mailto:john@sackheads.org">john@sackheads.org</a>> wrote:<br> <br> ><br> > On Oct 14, 2008, at 6:25 PM, John Payne wrote:<br> ><br> >> Has anyone had luck translating:<br> >><br> >> 4. Under the TACACS+ Settings section of the page, configure the<br> >> following<br> >> settings:<br> >> – Click the Shell (exec) check box.<br> >> – Click the Custom attributes check box.<br> >> – In the text box below Custom attributes, enter the user role and<br> >> associated<br> >> domain for a specific context in the following format:<br> >> shell:<contextname>=<role> <domain1> <domain2>...<domainN><br> >> For example, to assign the selected user to the C1 context with the<br> >> role<br> >> ROLE1 and the domain DOMAIN1, enter shell:C1=ROLE1 DOMAIN1.<br> >><br> >><br> >> Into tac_plus format? I'm trying various combinations under<br> >> service=shell, but I'm getting stuck with the Network-Monitor role,<br> >> not the Admin role.<br> ><br> > Answering my own question:<br> ><br> > service = exec {<br> > shell:Admin = "Admin default-domain"<br> > }<br> ><br> > (shell:context = "role domain")<br> <br> </div>Argh... Except that broke authentication for IOS devices....<br> <br> Help?<br> <div><div></div><div class="Wj3C7c">_______________________________________________<br> tac_plus mailing list<br> <a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br> <a href="http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus</a><br> </div></div></blockquote></div><br><br clear="all"><br>-- <br>Jathan.<br>-<br> </div></blockquote></div><br></body></html>