[c-nsp] Error in tacacs

Jorge Evangelista netsecuredata at gmail.com
Thu Jun 1 13:57:25 EDT 2006 

Thanks you. Now I can use shadow

On 5/28/06, Simon Paterson <spaterson at woosh.com> wrote:
>
> I had a similar experience to this.
>
> It was due to tac_plus mis-interpreting fields is the /etc/shadow file.
>
> To fix it, uncomment the line (ie, remove the /* and */ from the start
> and end)
> #define SHADOW_PASSWORDS
> in tac_plus.h file in the tac_plus source directory, and recompile
> tac_plus.
> Then, in your tac_plus.cfg, use 'login = file /etc/passwd', not
> /etc/shadow.
> The recompiled tac_plus will then correctly interpret both the passwd
> and shadow files for authentication.
>
> This was with tacacs+-F4.0.4.7 from http://www.shrubbery.net/tac_plus/,
> running on Slackware, so if your setup is different, or you're using
> precompiled binaries, this may not work for you. It was 2+ years ago
> now, but I believe this was all that was required.
>
> Simon
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jorge
> Evangelista
> Sent: Sunday, 28 May 2006 2:50 a.m.
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Error in tacacs
>
> I have been setting up a Tacacs Server, but I can not log in to
> router, I have a problem with authentication, I am not sure if this
> problem is in the server or router.
> I have put correct time and date and router and server.
>
> User Access Verification
> Username: jorgee
> Password:
> Password has expired
>
> There is a log
>
> Sat May 27 09:45:55 2006 [479]: login query for 'jorgee' tty6 from
> 192.168.190.236 rejected
> Sat May 27 09:45:58 2006 [446]: session.peerip is 192.168.190.236
> Sat May 27 09:45:58 2006 [480]: connect from 192.168.190.236
> [192.168.190.236]
>
> In my tac_plus.cfg  I have put for user jorgee
>  user = jorgee {
>        default service = permit
>        login = file /etc/shadow
>        }
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


-- 
"The network is the computer"

More information about the cisco-nsp mailing list