Date:      Mon, 15 Mar 1999 15:28:40 -0600
From:      Edwin Culp <eculp@MexComUSA.net>
To:        mark@maestro.org
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: tac_plus config
Message-ID:  <36ED7B88.A67C4958@MexComUSA.net>
References:  <199903151833.MAA00483@tiberius.emperor.org>

Mark Turner wrote:

> > At 12:04 PM 3/15/99 -0600, you wrote:
> > >I'm having tons of problems getting the ports version
> > >of tac_plus to authenticate for a Cisco AS5300.

I assume that you have something similar to this in your AS5300 configuration:

aaa new-model
aaa authentication login default tacacs+
aaa authentication login SYSOP line
aaa authentication enable default enable none
aaa authentication ppp default if-needed tacacs+
aaa authorization exec tacacs+
aaa authorization commands 1 tacacs+
aaa authorization network tacacs+
aaa accounting exec start-stop tacacs+
aaa accounting commands 1 stop-only tacacs+
aaa accounting network start-stop tacacs+
aaa accounting system start-stop tacacs+

tacacs-server host 10.0.0.1  (This is the IP that you are running tac_plus on.)

This is your basic tac_plus.confg file:

accounting file = "/var/log/tac_plus.acct"
default authentication = file /etc/passwd
user = DEFAULT { member = 2500 }

 group = 2500 {
        maxsess = 1
        service = exec { autocmd = "ppp" }
        service = ppp protocol = ip {
        }
 }

user = mark {
    default service = permit
}

This is basic for tac_plus and a Cisco 25??, which is about the same as the 5300, I think.  You may not
have maxsess.  Check the user guide that comes in the distribution.

Hope this helps a little.

ed
