[c-nsp] TACACS/RADUIS/AD

Ziv Leyes zivl at gilat.net
Sun Aug 9 10:41:48 EDT 2009


Thank you very much!
That looks like something that will help me get started with

-----Original Message-----
From: Ryan West [mailto:rwest at zyedge.com]
Sent: Sunday, August 09, 2009 5:25 PM
To: Ziv Leyes
Cc: 'Cisco-nsp'
Subject: RE: [c-nsp] TACACS/RADUIS/AD

Ziv,

I think Phil pretty much covered everything already; it sounds like you're going to lean towards the tac-plus implementation. Here is a walkthrough for getting it going with backend LDAP authentication; there are some extra functions in his blog as well, like a TACACS log viewer: http://www.sweetfixes.com/blogs/robert/archive/2008/11/20/configuring-a-tacacs-server-on-ubuntu-8-10-linux.aspx

I can't comment on the structure of your AD, but you can limit your query scope to a particular starting OU and avoid unwanted built-in accounts or sets of users.

The rest of your command sets or privilege levels would be defined in the /etc/tacplus.conf file.

-ryan



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************





__________ Information from ESET NOD32 Antivirus, version of virus signature database 4319 (20090809) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com







