FreeBSD tacacs+ client

I'm trying to run the tacacs+ client on FreeBSD 9.2, but it doesn't work. The server is on Windows using tacacs.net. I know the server is working because I can get the client to work on the Cisco router, but I cannot get it to work on FreeBSD.

This is my /etc/pam.d/tacacs file:

auth        sufficient    /usr/lib/pam_tacplus.so     debug    server=10.0.0.9    secret=somesecret
account     sufficient    /usr/lib/pam_tacplus.so     debug    server=10.0.0.9    secret=somesecret    protocol=login
session     sufficient    /usr/lib/pam_tacplus.so     debug    server=10.0.0.9    secret=somesecret    protocol=login

and /etc/pam.d/login:

auth        include        tacacs
account     include        tacacs
session     include        tacacs

and /etc/tacplus.conf:

10.0.0.9        "somesecret"        15

The problem is that there are no good tutorials on how to do this; everything I did was based on some forum posts, and I'm not sure whether they are correct or not.

I would be grateful if you could help me. Thanks.

EDIT: I have disabled the firewall on Windows and now it connects. But now when I try to log in, it asks me for the password about 5 times and then says "wrong login", even though the password is correct.

EDIT2: I found that it authenticates correctly and FreeBSD receives the result, but it still doesn't log in. My guess is that the "login" service is looking elsewhere for login information and cannot find the TACACS+ users. I've read the login.conf file and haven't been able to figure it out yet.



1 answer


Well, I found out how to make it work. After all this configuration, you will need to add the TACACS+ user you want to log in as locally on the client system. For example, you have a user group on the TACACS+ server and now you want to log on to the client as user "one". You will need to add this user locally, without any additional configuration, and you will be set. The problem is that you cannot know all the users on the TACACS+ server, so I am still looking for a better way.



UPDATE: the best way is to use pam_exec.so. You can write a script that will add a user to the system, and run it with pam_exec.

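A worked version of the pam_exec idea from the answer, added here as an example and not code from the answer's author: a script that creates the local account only after pam_tacplus has accepted the name, with the remote-supplied user name validated before it reaches pw(8) and the local password left disabled. The PAM stack in the header comment, the script path, and pam_exec exporting the name as $PAM_USER are assumptions.

```shell
#!/bin/sh
# tacacs-adduser.sh: create a local account for a name that pam_tacplus has
# already authenticated, so that login(1) finds it in the passwd database.
# Assumed wiring in /etc/pam.d/tacacs (pam_tacplus changed from "sufficient"
# to "requisite", otherwise the stack stops before pam_exec on success, and
# placed first, otherwise names would be created before authentication):
#   auth  requisite  /usr/lib/pam_tacplus.so  server=10.0.0.9 secret=somesecret
#   auth  required   /usr/lib/pam_exec.so     /usr/local/sbin/tacacs-adduser.sh

LC_ALL=C; export LC_ALL   # make the character classes below ASCII-only

log() {
    logger -t tacacs-adduser -p auth.notice "$*" 2>/dev/null \
        || printf 'tacacs-adduser: %s\n' "$*" >&2
}

# A name from the TACACS+ server is remote input: accept only a conservative
# shape (lowercase letter, then [a-z0-9_-], 32 chars max) and never root/toor.
valid_username() {
    name=$1
    case $name in
        ''|[!a-z]*|*[!a-z0-9_-]*|root|toor) return 1 ;;
    esac
    [ "${#name}" -le 32 ]
}

# Create the account if it is missing. "-w no" leaves the local password
# disabled, so the account can only be entered through TACACS+.
ensure_user() {
    name=$1
    if ! valid_username "$name"; then
        log "refusing to create account for unacceptable name '$name'"
        return 1
    fi
    if pw usershow "$name" >/dev/null 2>&1; then
        return 0                       # already local, nothing to do
    fi
    if pw useradd -n "$name" -m -w no -s /bin/sh -c "TACACS+ user"; then
        log "created local account '$name' after TACACS+ authentication"
        return 0
    fi
    log "pw useradd failed for '$name'"
    return 1
}

# pam_exec exports PAM_USER; when run by hand without it, do nothing.
if [ -n "${PAM_USER:-}" ]; then
    ensure_user "$PAM_USER" || exit 1
fi
```

Because pam_exec's exit status decides whether the "required" entry passes, a rejected or failed name still fails the login rather than silently continuing.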






