<div dir="ltr"><div><div>Hi Heasley,<br><br></div>Thanks for your response. Basically I am not able to get a working example of how to use those AVPs in tac_plus.conf. Whatever I have used so far, they appear to have no impact on the server at all. [the basic authentication using file /etc/passwd is working though].<br><br><br></div><div>While googling I mostly get examples of how to configure CISCO device [client side] and very limited configuration examples associated with server configuration other than the file that is packaged with the tac_plus source code itself.<br><br></div><div>Example 1:<br><br></div><div>I want to send a prompt message to host connecting from 192.168.2.53<br><br></div><br><div>default authentication = file /etc/passwd<br><br>host = 192.168.2.53 {<br> prompt = "Welcome\n"<br> }<br><br></div><div>Now when I login, I do not see any "welcome" attched in the reply message in wireshark. I only see <br><br></div><div>Status: 0x1 (Authetication Passed)<br></div><div>Flags : 0x0<br></div><div>Server message length : 0<br></div><div>Data Lengh :0<br><br></div><div>I would appreciate if you could provide a working example of tac_plus.conf with some AVPs either at authentication or at authorization phase.<br></div><div><br></div><div>I would appreciate any help in this regard.<br></div><div><br><br></div><div>Thanks<br></div><div>Chandan<br></div><div><br></div><div>PS: In RADIUS it is very simple to send a reply with auth example:<br><br>joe Cleartext-Password := "1234"<br> Reply-Message := "Welcom"<br><br></div><div>On auth success, the server sends this welcom string, which could be used by the client side to provide additional functionality. [I agree it is not the best way to do, this example is only for illustration purpose]<br></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><br><div>--</div><div><a href="http://about.me/chandank" target="_blank">http://about.me/chandank</a><br></div></div></div>
<br><div class="gmail_quote">On Sat, Feb 21, 2015 at 1:59 PM, heasley <span dir="ltr"><<a href="mailto:heas@shrubbery.net" target="_blank">heas@shrubbery.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Fri, Feb 20, 2015 at 12:01:03PM -0500, Chandan Kumar:<br>
</span><div><div class="h5">> Hello All,<br>
><br>
> I am using tacacs+ server to autheticate Linux machines [CentOS-6] and<br>
> using pam_tacplus.so. The basic authentication works perfect.<br>
><br>
> I have a question regarding reply message from tacacs+ server. Unlike<br>
> RADIUS I do not find any "Reply-Message" type of field in server<br>
> configuration of TACPLUS server. Is there any way either during<br>
> authorization or authentication phase to send a custom reply message or any<br>
> flag, which could be used by the pam module to customize user info. [I will<br>
> modify the pam module accordingly]<br>
<br>
</div></div>sorry for the 2nd msg; but in theory you could pass anything that you want<br>
back to the agent with optional AVPs; again see tac_plus.conf.<br>
</blockquote></div><br></div>