eby

Linux TACACS+ authentication with IAP

Hi All,

I'm trying to integrate TACACS+ on Linux with an IAP cluster (6.4.2.6-4.1.1.11_52666). I have the following problems; any help is appreciated.

1. TACACS+ requests are not sent to the server through the IAP's virtual IP. The master AP sends TACACS requests with its local IP, but for RADIUS, it is sent through the virtual IP!
2. Even with the correct password, login fails. Are there any additional attributes that need to be returned back to the IAP?

TACACS server logs:

Nov 23 11:57:48 tftpsrv tac_plus[5285]: connect from 172.16.6.59 [172.16.6.59]
Nov 23 11:57:48 tftpsrv tac_plus[5285]: login failure: read.only 172.16.6.59 (172.16.6.59) tty0

Telnet error:

Login incorrect, reason code 7

TACACS user config. I tried with both commented options without any success.

user = read.only {
    login = cleartext n3tw0rk
    #member = deviceadmin
    #service = shell { roles = read-only }
    service = exec { priv-lvl = 15 }
}

group = deviceadmin {
    default service = permit
    service = exec { priv-lvl = 15 }
}

Thanks,

Eby
