Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

linux tacacs+ authentication with IAP

1. linux tacacs+ authentication with IAP

    Posted Nov 23, 2018 02:55 AM

    Hi All,

    I'm trying to integrate tacacs+ on linux with an IAP cluster (6.4.2.6-4.1.1.11_52666). I have the following problems; any help is appreciated.

    1. tacacs+ requests are not sent to the server thru IAP's virtual ip. The master AP sends tacacs requests with its local ip, but for Radius, it is sent thru the virtual ip!!!
    2. Even with the correct password, login fails. Are there any additional attributes that need to be returned back to IAP?

    tacacs server logs:

    Nov 23 11:57:48 tftpsrv tac_plus[5285]: connect from 172.16.6.59 [172.16.6.59]
    Nov 23 11:57:48 tftpsrv tac_plus[5285]: login failure: read.only 172.16.6.59 (172.16.6.59) tty0

    telnet error:

    Login incorrect, reason code 7

    tacacs user config (I tried with both commented options without any success):

    user = read.only {
        login = cleartext n3tw0rk
        #member = deviceadmin
        #service = shell { roles = read-only }
        service = exec { priv-lvl = 15 }
    }

    group = deviceadmin {
        default service = permit
        service = exec { priv-lvl = 15 }
    }

    Thanks,

    Eby