-
I had the same issue. The patch work will be: run a cron job every minute to kill tacacs or make tacacs reread the config file. The problem is that every time you generate a new OTP, tacacs doesn't know about it. Make sure that you set the password expiration time to something like 3-4 minutes and wait for one minute after the OTP gets generated. This way it will authenticate using tacacs...
2007-08-20 10:01:06 UTC in WiKID Strong Authentication System
-
Hi Nick,
Tacacs+ worked for me... but it has a couple of issues....
1. We need to have the user account created on the network client
2. Tacacs+ needs to be restarted with every new OTP generated (whenever there's a change in the tacacs.conf file)
3. I have set the pass expiry to 300s and I tried killing tac_plus and restarting the service, then authenticated and got the Linux shell... I tried...
2007-06-28 14:03:35 UTC in WiKID Strong Authentication System
-
Yes...
2007-06-26 16:20:56 UTC in WiKID Strong Authentication System
-
Yes... There is a firewall on the WiKID server... Can you tell me what all ports I will need to open for Tacacs+ to work....
Chetan.
2007-06-26 16:04:12 UTC in WiKID Strong Authentication System
-
Jun 26 21:15:30 cjain-test sshd[22454]: Deprecated pam_stack module called from service "sshd"
Jun 26 21:15:30 cjain-test sshd[22454]: pam_sm_authenticate: called (pam_tacplus v1.2.9)
Jun 26 21:15:30 cjain-test sshd[22454]: pam_sm_authenticate: user [chetan] obtained
Jun 26 21:15:30 cjain-test sshd[22454]: tacacs_get_password: called
Jun 26 21:15:30 cjain-test sshd[22454]...
2007-06-26 16:02:14 UTC in WiKID Strong Authentication System
-
Also, have you guys seen this version of Tacacs+, http://www.shrubbery.net/tac_plus/ ... they also have support for PAM authentication...
Chetan.
2007-06-26 15:40:54 UTC in WiKID Strong Authentication System
-
Oh, I forgot to tell you guys something... the src.rpm was not able to install the samba files... so what I did was... installed the 3.0.3.rpm and then compiled tac_plus from the same src.rpm and copied the tac_plus file to /opt/WiKId/bin/tac_plus... Will that create any issue?
Chetan.
2007-06-26 15:14:02 UTC in WiKID Strong Authentication System
-
The status of the user is Enabled.... I don't see anything in the WiKID logs; also, there is no accounting.log file for tacacs under the log directory in WiKID...
2007-06-26 03:55:19.349217-04 Passcode Request Successful (128) monitor.com 3527730131861299439 chetan internal N/A
2007-06-26 03:52:09.205942-04 Passcode Request Successful (128) monitor.com 3527730131861299439 chetan internal...
2007-06-26 15:01:39 UTC in WiKID Strong Authentication System
-
Hi Harsem,
Can you post your tacacs.conf file here... I think it's rejecting the network client
Chetan.
2007-06-26 14:48:30 UTC in WiKID Strong Authentication System
-
I am using Linux as my network client...
/etc/pam.d/tacacs
auth sufficient /lib/security/pam_tacplus.so debug \
server=10.1.100.114 secret=cooler encrypt
account sufficient /lib/security/pam_tacplus.so debug \
server=10.1.100.114 secret=cooler encrypt service=shell protocol=ssh
session sufficient /lib/security/pam_tacplus.so debug \...
2007-06-26 14:36:31 UTC in WiKID Strong Authentication System