[c-nsp] TACACS/RADUIS/AD
Ziv Leyes
zivl at gilat.net
Sun Aug 9 10:41:48 EDT 2009
Thank you very much!
That looks like something that will help me get started with
-----Original Message-----
From: Ryan West [mailto:rwest at zyedge.com]
Sent: Sunday, August 09, 2009 5:25 PM
To: Ziv Leyes
Cc: 'Cisco-nsp'
Subject: RE: [c-nsp] TACACS/RADUIS/AD
Ziv,
I think Phil pretty much covered everything already; it sounds like you're going to lean towards the tac-plus implementation. Here is a walkthrough for getting it going with backend LDAP authentication; there are some extra functions in his blog as well, like a TACACS log viewer:
http://www.sweetfixes.com/blogs/robert/archive/2008/11/20/configuring-a-tacacs-server-on-ubuntu-8-10-linux.aspx
I can't comment on the structure of your AD, but you can limit your query scope to a particular starting OU and avoid unwanted built-in accounts or sets of users.
The rest of your command sets or privilege levels would be defined in the /etc/tacplus.conf file.
-ryan
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
__________ Information from ESET NOD32 Antivirus, version of virus signature database 4319 (20090809) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com