Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working?
it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module
https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with?
-Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working?
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Trying to set it up.. Going to try this weekend if I have time otherwise next week. Sent from Yahoo Mail on Android
On Fri, Jun 9, 2017 at 15:51, Jakeemail@ml.jacobdevans.com wrote: it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with? -Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Haven't gotten that far yet. Want to set it up.
On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with? -Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
So this post is having me compile the pam_tacacs. Do I still need to do that if I am using shrubbery.net TACACS+?
On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Haven't gotten that far yet. Want to set it up.
On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with? -Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
I think you only want the PAM module if you are trying to authenticate your users via tacacs for Linux. It sounds like you are trying to setup a tacacs server and using FreeIPA as your user store. In which case you'll want to look at configuring the tacacs service to talk to FreeIPA's LDAP
Joshua D Doll
On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
So this post is having me compile the pam_tacacs. Do I still need to do that if I am using shrubbery.net TACACS+?
On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Haven't gotten that far yet. Want to set it up.
On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with? -Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Correct. So I would skip the adding of the pam module and just create a new pam config file, right?
On Monday, June 12, 2017 2:54 PM, Joshua D Doll via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I think you only want the PAM module if you are trying to authenticate your users via tacacs for Linux. It sounds like you are trying to setup a tacacs server and using FreeIPA as your user store. In which case you'll want to look at configuring the tacacs service to talk to FreeIPA's LDAP
Joshua D Doll
On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote: So this post is having me compile the pam_tacacs. Do I still need to do that if I am using shrubbery.net TACACS+?
On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Haven't gotten that far yet. Want to set it up.
On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with? -Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
I don't think PAM is needed at all, but I could be wrong.
Joshua D Doll
On June 12, 2017 4:28:14 PM EDT, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Correct. So I would skip the adding of the pam module and just create a new pam config file, right?
On Monday, June 12, 2017 2:54 PM, Joshua D Doll via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I think you only want the PAM module if you are trying to authenticate your users via tacacs for Linux. It sounds like you are trying to setup a tacacs server and using FreeIPA as your user store. In which case you'll want to look at configuring the tacacs service to talk to FreeIPA's LDAP
Joshua D Doll
On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote: So this post is having me compile the pam_tacacs. Do I still need to do that if I am using shrubbery.net TACACS+?
On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Haven't gotten that far yet. Want to set it up.
On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with? -Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
-- Sent from my Android device with K-9 Mail. Please excuse my brevity._______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Ok, well i'm going to start getting this setup soon.
On Monday, June 12, 2017 3:30 PM, Joshua D Doll via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I don't think PAM is needed at all, but I could be wrong.
Joshua D Doll
On June 12, 2017 4:28:14 PM EDT, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote: Correct. So I would skip the adding of the pam module and just create a new pam config file, right?
On Monday, June 12, 2017 2:54 PM, Joshua D Doll via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I think you only want the PAM module if you are trying to authenticate your users via tacacs for Linux. It sounds like you are trying to setup a tacacs server and using FreeIPA as your user store. In which case you'll want to look at configuring the tacacs service to talk to FreeIPA's LDAP
Joshua D Doll
On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote: So this post is having me compile the pam_tacacs. Do I still need to do that if I am using shrubbery.net TACACS+?
On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Haven't gotten that far yet. Want to set it up.
On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with? -Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Another question, how hard would it be to separate the this setup? FreeIPA on one server and TACACS+ from shrubbery on another?
On Monday, June 12, 2017 3:34 PM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Correct. So I would skip the adding of the pam module and just create a new pam config file, right?
On Monday, June 12, 2017 2:54 PM, Joshua D Doll via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I think you only want the PAM module if you are trying to authenticate your users via tacacs for Linux. It sounds like you are trying to setup a tacacs server and using FreeIPA as your user store. In which case you'll want to look at configuring the tacacs service to talk to FreeIPA's LDAP
Joshua D Doll
On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote: So this post is having me compile the pam_tacacs. Do I still need to do that if I am using shrubbery.net TACACS+?
On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Haven't gotten that far yet. Want to set it up.
On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs...
Anything specific you're having issues with? -Jake
From: "freeipa-users" freeipa-users@lists.fedorahosted.org To: "freeipa-users" freeipa-users@lists.fedorahosted.org Cc: "Andrew Meyer" andrewm659@yahoo.com Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+
Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org
-
Andrew Meyer -
Jake -
Joshua D Doll