<div dir="ltr">I guess that would work if you wanted EVERY ad user to have access. Full access, at that. <div><br></div><div>If you priv_15 everybody, they shouldn't need an enable password. Doesn't seem 2 work 4 the ASA though. Give everybody one generic enable password maybe. </div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 8:47 AM, Linda Slater <span dir="ltr"><<a href="mailto:lslater@yorku.ca" target="_blank">lslater@yorku.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Couple questions:<br>
<br>
I am using PAM_LDAP to authenticate our users via AD. The additional<br>
requirements are now:<br>
<br>
<br>
<br>
1. No usernames in the Tac+ config file, I will define only groups and use<br>
AD groupings to decide if that user can be allowed to access a network<br>
device. Does anyone have any examples using this method? Currently, I<br>
have the user name ...... login = PAM, listed in the tac...config file.<br>
<br>
2. Each user that logins into the Network device, must use their AD<br>
password to gain enable access to the network device. Is anyone using<br>
this method to allow users enable access, given that the Tac+ enable<br>
password cannot be pointed to PAM? Each user will have using their own<br>
AD login credentials.<br>
<br>
<br>
Regards,<br>
Linda Slater | Senior Network Designer, Network Development | University<br>
Information Technology<br>
010 Steacie Science and Engineering Library | York University | 4700 Keele<br>
St. , Toronto ON Canada M3J 1P3<br>
T: <a href="tel:%2B1.416.736.2100%20ext%2022733" value="+14167362100">+1.416.736.2100 ext 22733</a> | F: <a href="tel:%2B1.416.736.5830" value="+14167365830">+1.416.736.5830</a> | <a href="mailto:lslater@yorku.ca">lslater@yorku.ca</a> |<br>
<a href="http://www.yorku.ca" target="_blank">www.yorku.ca</a><br>
<br>
York UIT will NEVER send unsolicited requests for passwords or other<br>
personal information via email. Messages requesting such information are<br>
fraudulent and should be deleted.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://www.shrubbery.net/pipermail/tac_plus/attachments/20140416/89ba12d8/attachment.html" target="_blank">http://www.shrubbery.net/pipermail/tac_plus/attachments/20140416/89ba12d8/attachment.html</a>><br>
_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
</blockquote></div><br></div>
<pre>
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.