<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 10:54 AM, Daniel Schmidt <span dir="ltr"><<a href="mailto:daniel.schmidt@wyo.gov" target="_blank">daniel.schmidt@wyo.gov</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I guess that would work if you wanted EVERY ad user to have access. Full<br>
access, at that.<br>
<br>
If you priv_15 everybody, they shouldn't need an enable password. Doesn't<br>
seem 2 work 4 the ASA though. Give everybody one generic enable password<br>
maybe.<br></blockquote><div><br></div><div><br></div><div><br></div><div>OR may be include this patch that Matt Addison is referring to, to the original code? </div><div><br></div><div><a href="https://gist.github.com/ragzilla/11297928">https://gist.github.com/ragzilla/11297928</a></div>
<div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div class="h5"><br>
<br>
On Wed, Apr 16, 2014 at 8:47 AM, Linda Slater <<a href="mailto:lslater@yorku.ca">lslater@yorku.ca</a>> wrote:<br>
<br>
> Couple questions:<br>
><br>
> I am using PAM_LDAP to authenticate our users via AD. The additional<br>
> requirements are now:<br>
><br>
><br>
><br>
> 1. No usernames in the Tac+ config file, I will define only groups and use<br>
> AD groupings to decide if that user can be allowed to access a network<br>
> device. Does anyone have any examples using this method? Currently, I<br>
> have the user name ...... login = PAM, listed in the tac...config file.<br>
><br>
> 2. Each user that logins into the Network device, must use their AD<br>
> password to gain enable access to the network device. Is anyone using<br>
> this method to allow users enable access, given that the Tac+ enable<br>
> password cannot be pointed to PAM? Each user will have using their own<br>
> AD login credentials.<br>
><br>
><br>
> Regards,<br>
> Linda Slater | Senior Network Designer, Network Development | University<br>
> Information Technology<br>
> 010 Steacie Science and Engineering Library | York University | 4700 Keele<br>
> St. , Toronto ON Canada M3J 1P3<br>
> T: <a href="tel:%2B1.416.736.2100%20ext%2022733" value="+14167362100">+1.416.736.2100 ext 22733</a> | F: <a href="tel:%2B1.416.736.5830" value="+14167365830">+1.416.736.5830</a> | <a href="mailto:lslater@yorku.ca">lslater@yorku.ca</a> |<br>
> <a href="http://www.yorku.ca" target="_blank">www.yorku.ca</a><br>
><br>
> York UIT will NEVER send unsolicited requests for passwords or other<br>
> personal information via email. Messages requesting such information are<br>
> fraudulent and should be deleted.<br>
> -------------- next part --------------<br>
> An HTML attachment was scrubbed...<br>
> URL: <<br>
> <a href="http://www.shrubbery.net/pipermail/tac_plus/attachments/20140416/89ba12d8/attachment.html" target="_blank">http://www.shrubbery.net/pipermail/tac_plus/attachments/20140416/89ba12d8/attachment.html</a><br>
> ><br>
> _______________________________________________<br>
> tac_plus mailing list<br>
> <a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
> <a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
><br>
<br>
<br>
</div></div>E-Mail to and from me, in connection with the transaction<br>
of public business, is subject to the Wyoming Public Records<br>
Act and may be disclosed to third parties.<br>
<div class="">-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
</div>URL: <<a href="http://www.shrubbery.net/pipermail/tac_plus/attachments/20140416/b7282d4f/attachment.html" target="_blank">http://www.shrubbery.net/pipermail/tac_plus/attachments/20140416/b7282d4f/attachment.html</a>><br>
<div class=""><div class="h5">_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo/tac_plus</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu">pgp.mit.edu</a><br>A: Because it messes up the order in which people normally read text.<br>
Q: Why is top-posting such a bad thing?<br><br>
</div></div>