Date: Mon, 15 Mar 1999 17:22:45 -0600 (CST) From: Mark Turner <mark@tiberius.emperor.org> To: freebsd-isp@freebsd.org Subject: Re: tac_plus config Message-ID: <199903152322.RAA00871@tiberius.emperor.org> In-Reply-To: <36ED7B88.A67C4958@MexComUSA.net> from Edwin Culp at "Mar 15, 99 03:28:40 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Mark Turner wrote:
>
> > > At 12:04 PM 3/15/99 -0600, you wrote:
> > > >I'm having ton's of problems getting the ports version
> > > >of tac_plus to authenticate for a Cisco AS5300.
>
> I assume that you have something similar to this in your AS5300 configuration:
>
> aaa new-model
> aaa authentication login default tacacs+
> aaa authentication login SYSOP line
> aaa authentication enable default enable none
> aaa authentication ppp default if-needed tacacs+
> aaa authorization exec tacacs+
> aaa authorization commands 1 tacacs+
> aaa authorization network tacacs+
> aaa accounting exec start-stop tacacs+
> aaa accounting commands 1 stop-only tacacs+
> aaa accounting network start-stop tacacs+
> aaa accounting system start-stop tacacs+
>
> tacacs-server host 10.0.0.1 (This is the ip that you are running tac_plus on.)
>
> This is your basic tac_plus.confg file:
>
> accounting file = "/var/log/tac_plus.acct"
> default authentication = file /etc/passwd
> user = DEFAULT { member = 2500 }
>
> group = 2500 {
> maxsess = 1
> service = exec { autocmd = "ppp" }
> service = ppp protocol = ip {
> }
> }
>
> user = mark {
> default service = permit
> }
>
> This is basic for Tac_plus and cisco 25?? that is about the same as the 5300, I think. You may not
> have maxsess. Check the userguide that comes in the distribution.
>
> Hope this helps a little.
>
> ed
>
>
Ed,
I think there were a couple things in the config I was missing,
these examples will help a TON!!
I'm uploading the latest(gulp) IOS, so I can upload new modem
code.
I'll retest as soon as I can.
Again thanks everyone for the help.
--
Mark Turner
mark@maestro.org
P
latest modem code at the moment.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903152322.RAA00871>