Date: Mon, 15 Mar 1999 18:13:12 -0600 (CST) From: Mark Turner <mark@tiberius.emperor.org> To: freebsd-isp@freebsd.org Subject: Re: tac_plus config Message-ID: <199903160013.SAA01129@tiberius.emperor.org> In-Reply-To: <36ED81FD.B96211A4@MexComUSA.net> from Edwin Culp at "Mar 15, 99 03:56:13 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
I'm still getting errors trying to log in.
(sigh) more junk log files..
Mon Mar 15 16:09:00 1999 [40808]: Reading config
Mon Mar 15 16:09:00 1999 [40808]: Initialized 1
Mon Mar 15 16:09:00 1999 [40808]: tac_plus server $Id: tac_plus.c,v 1.67 1995/07/25 03:46:27 lol Exp $ starting
Mon Mar 15 16:09:00 1999 [40809]: Backgrounded
Mon Mar 15 16:09:00 1999 [40809]: uid=0 euid=0 gid=0 egid=0 s=0
Mon Mar 15 16:09:12 1999 [40812]: 207.92.126.5: Session aborted by request
Mon Mar 15 16:09:12 1999 [40812]: 207.92.126.5: Abort msg: Autoselected
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_value: name=jeff isuser=1 attr=login rec=1
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_value: name=jeff isuser=1 attr=global rec=1
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40813]: 207.92.126.5: fd 1 eof (connection closed)
Mon Mar 15 16:09:19 1999 [40813]: Error Read -1 bytes from 207.92.126.5, expecting 12
Mon Mar 15 16:09:19 1999 [40813]: Error 207.92.126.5: Null reply packet when expecting CONTINUE
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=expires rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=chap rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=global rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: sendpass query for 'jeff' Async49 from 207.92.126.5 rejected
> While you're at it you might want to try the tac_plus.F4.0.2.alpha.tar.Z unless someone has a newer
I'm grabbing this thanks.
> one. I haven't looked for sometime. Although I used 2.1 for a long time with no problems. I just
> upgraded to upgrade as I remember :-)
>
> ed
>
> P.S. They all compile out of the box, more or less:-)
>
> Mark Turner wrote:
>
> > Ed,
> > I think there were a couple things in the config I was missing,
> > these examples will help a TON!!
> > I'm uploading the latest(gulp) IOS, so I can upload new modem
> > code.
> > I'll retest as soon as I can.
> > Again thanks everyone for the help.
> >
> > --
> > Mark Turner
> > mark@maestro.org
> > P
> > latest modem code at the moment.
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>
These are my current config's.
AS5396;
Current configuration:
!
! No configuration change since last restart
!
version 11.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname blackjack
!
aaa new-model
aaa authentication login default tacacs+ enable
aaa authentication login consoleport none
aaa authentication ppp default if-needed tacacs+
aaa authorization exec tacacs+ if-authenticated
aaa authorization commands 1 tacacs+ if-authenticated none
aaa authorization commands 15 tacacs+ if-authenticated none
aaa authorization network tacacs+ local
aaa accounting commands 0 stop-only tacacs+
aaa accounting commands 15 start-stop tacacs+
aaa accounting network wait-start tacacs+
aaa accounting system start-stop tacacs+
enable secret 5 .......
enable password 7 .......
!
ip subnet-zero
no ip source-route
ip domain-name interspring.com
ip name-server 207.92.126.67
ip name-server 207.92.126.66
ip name-server 207.92.126.19
ip address-pool local
isdn switch-type primary-5ess
chat-script default "" at&fls0=1&h1&r2&c1&d2&b1e0q2 OK
clock timezone CST -6
clock summer-time CDT recurring
!
controller T1 0
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24
description Dialup Access number is: (512) 427-6052
!
controller T1 1
framing esf
clock source line secondary
linecode b8zs
pri-group timeslots 1-24
description Dialup Access number is: (512) 427-6052
!
controller T1 2
shutdown
clock source internal
!
controller T1 3
shutdown
clock source internal
!
interface Ethernet0
ip address 207.92.126.5 255.255.255.240
no ip directed-broadcast
!
interface Serial0:23
description Dialup Access number is: (512) 427-6052
ip unnumbered Ethernet0
encapsulation ppp
no ip mroute-cache
isdn incoming-voice modem
no peer default ip address
dialer-group 1
no fair-queue
ppp authentication chap pap
ppp multilink
!
interface Serial1:23
description Dialup Access number is: (512) 427-6052
ip unnumbered Ethernet0
encapsulation ppp
no ip mroute-cache
isdn incoming-voice modem
no peer default ip address
dialer-group 1
no fair-queue
ppp authentication chap pap
ppp multilink
!
interface FastEthernet0
no ip address
no ip directed-broadcast
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0
ip tcp header-compression passive
encapsulation ppp
async mode interactive
peer default ip address pool async
no cdp enable
ppp authentication chap pap
group-range 1 96
!
ip local pool async 207.92.126.129 207.92.126.190
ip default-gateway 207.92.126.1
no ip classless
ip route 0.0.0.0 0.0.0.0 207.92.126.1
ip route 207.92.126.16 255.255.255.240 207.92.126.2
ip route 207.92.126.32 255.255.255.240 207.92.126.2
ip route 207.92.126.48 255.255.255.240 207.92.126.3
ip route 207.92.126.64 255.255.255.240 207.92.126.4
access-list 101 permit ip any any
tacacs-server host 207.92.126.66
tacacs-server timeout 10
tacacs-server key .....
snmp-server community public RO
dialer-list 1 protocol ip list 101
banner login ^C
Welcome to InterSpring.Com. Please enter you username one the following line. ^C
!
line con 0
logging synchronous
login authentication consoleport
line 1 96
session-timeout 20
exec-timeout 120 0
autoselect during-login
autoselect ppp
absolute-timeout 720
script startup default
script reset default
modem Dialin
autocommand ppp default
transport input all
escape-character NONE
line aux 0
line vty 0 4
password 7 ................
!
ntp clock-period 17179369
ntp source Ethernet0
ntp master
ntp update-calendar
ntp server 129.116.206.10
scheduler interval 1000
end
---------
Tac_plus configuration file;
including commented sections that I've tried! :-(
#
# tac_plus config file
# /usr/local/etc/tac_plus.conf
# ALL Comments with a * beside them were modified on Mar 14
# All Comments with a . beside them were modified on Mar 15
#
# Handshake with router--NAS needs 'tacacs-server key cisco':
key = .......
# Following three lines define the defualt treatment of users.
default authentication = file /etc/passwd
default authorization = permit
accounting file = /var/tmp/account.txt
#
# GROUPS
#
group = 2500 {
service = exec { autocmd = "ppp" }
service = ppp protocol = ip {
}
}
#*group = int {
# full internet access
#* service = exec {
#* autocmd = "ppp default"
#* }
#* service = ppp protocol = ip {
#* default attribute = permit
#* }
#*
#* service = ppp protocol = lcp {
#* default attribute = permit
#* }
#*
#* cmd = ppp {
#* permit default
#* }
#*
#*}
#
#User list
#
# User who can telnet in to configure: (this is so that you can telnet to the
# access server and configure it. Without this line you cannot telnet to the unit.
# DO NOT ERASE!!!!
user = !root {
default service = permit
login = cleartext "......."
}
#.user = authauto {
#. login = file /etc/passwd
#* member = int
#. service = ppp protocol = ip {
#. default attribute = permit
#. }
#. }
user = DEFAULT {
member = 2500
}
user = jeff {
default service = permit
}
#
# ppp/chap authentication line 1 - password must be cleartext per chap spec
#
#* user = "" {
#* login = file /etc/password
#* chap = cleartext "......."
#* service = ppp protocol = ip {
#* default attribute = permit
#* }
#* }
#*
#
# ppp/pap authentication line 2
#
#*user = mark {
#* login = file /etc/passwd
#* member = chapuser
#* service = ppp protocol = ip {
#* default attribute = permit
#* }
#* }
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903160013.SAA01129>