[c-nsp] TACACS/RADIUS/AD
Ryan West
rwest at zyedge.com
Sun Aug 9 10:25:06 EDT 2009
Ziv,
I think Phil pretty much covered everything already; it sounds like you're going to lean towards the tac-plus implementation. Here is a walkthrough for getting it going with backend LDAP authentication; there are some extra functions in his blog as well, like a TACACS log viewer: http://www.sweetfixes.com/blogs/robert/archive/2008/11/20/configuring-a-tacacs-server-on-ubuntu-8-10-linux.aspx

I can't comment on the structure of your AD, but you can limit your query scope to a particular starting OU and avoid unwanted built-in accounts or sets of users.
The rest of your command sets or privilege levels would be defined in the /etc/tacplus.conf file.
-ryan