Tacacs+ - console access works, ssh does not

Hi,

I am installing TACACS+ on a CentOS7 server (to replace a Win 2003 based Tacacs)

I could not find a Tacacs+ server in the repositories so I installed this one:

http://www.shrubbery.net/tac_plus/

Installation was not a problem, and this test configuration:

    key = <key>
    user = tester {
        login = PAM
        service = exec {
            default attribute = permit
            priv-lvl = 15
        }
    }

gives the user tester (local to the server) access on a HP Blade Center switch (a Nortel switch) via

    /c/sys/tacacs prisrv <ip> on cmap enabled

if I use the serial console.

A list of commands appears and I get a prompt.

However, if I try ssh, the login seems to work but I do not get a list of commands and no prompt. The terminal is completely quiet after the login (but it stays connected).

I played around a bit but have not been successful.

Do you have an idea what may be missing?

Thanks for answers
Peter

Hi all,

I have not seen an "echo" of my mail in the inbox, nor any others.

But I heard my mail was distributed via list.

So this tests whether I am left in the dark now (I am using gmail and the web interface for this on out of pure laziness) and I also would like to know whether there were answers.

BTW: "service shell" was tried by me before too, it did not fix my problem.

I still cannot find an exhaustive list of service keywords, I dig into the sources next (after I get my test bed back, I was one night away and changes were made)

Thanks
Peter

On Mon, Dec 14, 2015 at 4:03 PM, Peter Ross <petrosssit@gmail.com> wrote:
> Hi,
> I am installing TACACS+ on a CentOS7 server (to replace a Win 2003 based Tacacs)
> I could not find a Tacacs+ server in the repositories so I installed this one:
> http://www.shrubbery.net/tac_plus/
> Installation was not a problem, and this test configuration:
>
>     key = <key>
>     user = tester {
>         login = PAM
>         service = exec {
>             default attribute = permit
>             priv-lvl = 15
>         }
>     }
>
> gives the user tester (local to the server) access on a HP Blade Center switch (a Nortel switch) via
>
>     /c/sys/tacacs prisrv <ip> on cmap enabled
>
> if I use the serial console.
> A list of commands appears and I get a prompt.
> However, if I try ssh, the login seems to work but I do not get a list of commands and no prompt. The terminal is completely quiet after the login (but it stays connected).
> I played around a bit but have not been successful.
> Do you have an idea what may be missing?
> Thanks for answers Peter

P.S. luv-main is "dead". I do not get mails anymore.

Peter Ross via luv-main <luv-main@luv.asn.au> wrote:
> P.S. luv-main is "dead". I do not get mails anymore.

It's working here.

Maybe your lack of luv-main mail is due to the Australian summer holidays; or perhaps everybody's Linux systems are working reliably at the moment and there's no need to post requests for community support.

The wider question is how the number of subscribers has changed over time - in particular, whether there is a decline, and, if there is, how to reverse it.

Hi Jason,

was there any other mail than mine yesterday or the day before?

There is a second probability for my "issue": that the Gmail web interface is so smart that it does not show an e-mail by me in the Inbox if it is coming from me.

Thanks for the answer
Peter

On Wed, Dec 16, 2015 at 11:44 AM, Jason White via luv-main <luv-main@luv.asn.au> wrote:
> Peter Ross via luv-main <luv-main@luv.asn.au> wrote:
> > P.S. luv-main is "dead". I do not get mails anymore.
>
> It's working here.
>
> Maybe your lack of luv-main mail is due to the Australian summer holidays; or perhaps everybody's Linux systems are working reliably at the moment and there's no need to post requests for community support.
>
> The wider question is how the number of subscribers has changed over time - in particular, whether there is a decline, and, if there is, how to reverse it.

On 16/12/15 11:57, Peter Ross via luv-main wrote:
> Hi Jason,
> was there any other mail than mine yesterday or the day before?
> There is a second probability for my "issue": that the Gmail web interface is so smart that it does not show an e-mail by me in the Inbox if it is coming from me.

I think I have noticed that too.

Also about 2 weeks ago, I sent 2 emails to luv-ctte (not main, but on same server). These emails were not received by anyone, but they were in the mailman archive. I had assumed it was something on my side, as I was fiddling with a few networking configs at that same time. And all is good now. BUT I always was wondering if someone else could have been affected in a similar way.

Your TACACS+ emails were received and I don't think there was much response to it.

Daniel

> Thanks for the answer Peter

On Wed, 16 Dec 2015 11:22:29 AM Peter Ross via luv-main wrote:
> I have not seen an "echo" of my mail in the inbox, nor any others.
> But I heard my mail was distributed via list.

The lists appear to be working OK. There has been discussion on the committee list and I've also had a private reply to my message offering a PC (it's now taken).

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Hi all,

The TACACS+ server seems to be okay but the switch has an issue.

These ancient HP blade switches are quite unique, and I should have used a Cisco to start with (I just did not have one at hand).

Sorry about the noise.

If someone knows these HP blade switches.. I compare it to one in production and cannot see the difference at all.

Regards
Peter

Quoting Peter Ross via luv-main (luv-main@luv.asn.au):
> These ancient HP blade switches are quite unique, and I should have used a Cisco to start with (I just did not have one at hand).

Maybe the HP blade switches can run Cumulus Linux?

https://cumulusnetworks.com/support/linux-hardware-compatibility-list/
https://docs.cumulusnetworks.com/display/HardwareGuides/Cumulus+Linux+Hardwa...

Thanks for the idea. But the switch is too old..

Anyway, a firmware update fixed the problem.

I do not understand how someone can sell a switch with Tacacs+ options if it simply does not work.. I should send a bill to HP.

Regards
Peter

On Thu, Dec 17, 2015 at 3:52 AM, Rick Moen via luv-main <luv-main@luv.asn.au> wrote:
> Quoting Peter Ross via luv-main (luv-main@luv.asn.au):
> > These ancient HP blade switches are quite unique, and I should have used a Cisco to start with (I just did not have one at hand).
>
> Maybe the HP blade switches can run Cumulus Linux?
> https://cumulusnetworks.com/support/linux-hardware-compatibility-list/
> https://docs.cumulusnetworks.com/display/HardwareGuides/Cumulus+Linux+Hardwa...
participants (5): Daniel Jitnah, Jason White, Peter Ross, Rick Moen, Russell Coker