[c-nsp] Error in tacacs
Simon Paterson
spaterson at woosh.com
Sun May 28 18:31:31 EDT 2006
I had a similar experience to this.
It was due to tac_plus mis-interpreting fields in the /etc/shadow file.
To fix it, uncomment the line (ie, remove the /* and */ from the start
and end)
#define SHADOW_PASSWORDS
in tac_plus.h file in the tac_plus source directory, and recompile
tac_plus.
Then, in your tac_plus.cfg, use 'login = file /etc/passwd', not
/etc/shadow.
The recompiled tac_plus will then correctly interpret both the passwd
and shadow files for authentication.
This was with tacacs+-F4.0.4.7 from http://www.shrubbery.net/tac_plus/,
running on Slackware, so if your setup is different, or you're using
precompiled binaries, this may not work for you. It was 2+ years ago
now, but I believe this was all that was required.
Simon
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jorge
Evangelista
Sent: Sunday, 28 May 2006 2:50 a.m.
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Error in tacacs
I have been setting up a TACACS server, but I cannot log in to the
router. I have a problem with authentication, and I am not sure if this
problem is in the server or the router.
I have put the correct time and date on the router and server.

User Access Verification
Username: jorgee
Password:
Password has expired

There is a log

Sat May 27 09:45:55 2006 [479]: login query for 'jorgee' tty6 from 192.168.190.236 rejected
Sat May 27 09:45:58 2006 [446]: session.peerip is 192.168.190.236
Sat May 27 09:45:58 2006 [480]: connect from 192.168.190.236 [192.168.190.236]

In my tac_plus.cfg I have put for user jorgee

user = jorgee {
    default service = permit
    login = file /etc/shadow
}
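
Added example, not part of either message and not tac_plus code: a small lint that finds `login = file` entries in a tac_plus.cfg, checks whether the referenced file has the 7-field passwd(5) layout or the 9-field shadow(5) layout, and shows which shadow values land in which passwd slots when the file is read as passwd. The sample config and file contents are constructed and the function names are hypothetical; how tac_plus itself uses each field is not shown here.

```python
import re

# passwd(5) has 7 colon-separated fields; shadow(5) has 9
# (name, hash, lastchg, min, max, warn, inactive, expire, reserved).
PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")
SHADOW_FIELD_COUNT = 9

# Constructed sample inputs, not taken from the hosts in the thread.
SAMPLE_CFG = """\
user = jorgee {
    default service = permit
    login = file /etc/shadow
}
user = simon {
    login = file /etc/passwd
}
"""
SAMPLE_FILES = {
    "/etc/passwd": "jorgee:x:1001:100:Jorge:/home/jorgee:/bin/bash\n",
    "/etc/shadow": "jorgee:$1$constructed$hash:13295:0:99999:7:::\n",
}

USER = re.compile(r"^\s*user\s*=\s*(\S+)\s*\{")
LOGIN_FILE = re.compile(r"^\s*login\s*=\s*file\s+(\S+)")

def classify(line):
    """Guess the file format from the number of colon-separated fields."""
    count = len(line.rstrip("\n").split(":"))
    return {len(PASSWD_FIELDS): "passwd", SHADOW_FIELD_COUNT: "shadow"}.get(count, "unknown")

def read_as_passwd(line):
    """What a 7-field passwd(5) reader takes from a line, whatever its real format."""
    return dict(zip(PASSWD_FIELDS, line.rstrip("\n").split(":")))

def lint(cfg, files):
    """Return (user, path, format) for each 'login = file' not in passwd format."""
    findings, user = [], None
    for raw in cfg.splitlines():
        if (m := USER.match(raw)):
            user = m.group(1)
        if (m := LOGIN_FILE.match(raw)):
            path = m.group(1)
            lines = files.get(path, "").splitlines()
            fmt = classify(lines[0]) if lines else "missing"
            if fmt != "passwd":
                findings.append((user, path, fmt))
    return findings
```

On the constructed shadow line, `read_as_passwd` puts the last-change day count in the uid slot and leaves the shell slot empty, which is the kind of field mismatch the reply describes.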