[c-nsp] SSH & Tacacs

DAVID Sébastien sdavid at ecritel.net
Tue Jan 15 05:26:40 EST 2008


 

Hi,

 

I am having some difficulty configuring TACACS authentication with SSH.

 

Everything works correctly, but when I stop the service on my server, my accounts defined in tac_plus.conf still work. This is the configuration on my router:

 

aaa new-model
aaa group server tacacs+ tacserv
 server X.X.X.X
 server Y.Y.Y.Y
!
aaa authentication login telnet group tacacs+ enable local
aaa authentication login console group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default if-authenticated none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

line con 0
 login authentication console
line vty 0 4
 logging synchronous
 login authentication telnet
 transport input ssh
line vty 5 15
 login authentication telnet
 transport input ssh

 

Does anybody have an idea about the problem?

 

Thanks.

 

Best Regards,

Sébastien DAVID
Network Services

Ecritel
Clichy site: 7-9, rue Petit
92582 Clichy Cedex
Tel: 01.73.02.50.76
Fax: 01.47.56.04.48
Email: kourif at ecritel.net
Website: www.ecritel.fr
