similar to: tacacs+ to radius bridge or proxy or something?

Hi, I am trying to get Openssh 5.5p1 to work with TACACS+. I have the TACACS + PAM module compiled on Ubuntu. I have compiled SSH --with-pam. When the user is defined in /etc/passwd, the SSH authentication to the TACACS+ server takes place successfully. If I REMOVE the user from /etc/passwd OpenSSH sends a string called INCORRECT to the TACACS+ server and it denies authentication. I am trying

Sudarshan Soma wrote: > Does sssd/NSS has a way to fetch user names from sources like > RADIUS/TACACS server? My impression is that while this might be theoretically possible, nobody does this. Especially it's not clear to me how you would push group membership to the system. And AFAICS in case of TACACS+ there's also only a single "role" available (translate this to

Any good source to tac_plus server for centos 6? thanks, -- Eero

On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > HI, I do see some refernce on it: but seems not closed > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > Is this patch available in latest versions, 7.6? No. It never was. The SSSD is using NSS (Name Service Switch) [1] way of getting

Hi All, is there an RPM for it for CentOS.? I tried "yum install tacacs+" but got nothing. I also checked dags repo and found nothing. Cheers. Mark Sargent.

Hi I am trying to write pam_radius module which talks to RADIUS server for aaa. I see sshd checks /etc/passwd for user list. Since RADIUS server has user list, can sshd ignore this check for RADIUS/TACACS+ authentication, Please suggest if there are any flags to control it. I am using the following versions. OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 I see sssd (NAS) being used for such use

Hi, Thanks for the replay. This is the platform which we are using. Distributor ID: Debian Description: Debian GNU/Linux 8.2 (jessie) Release: 8.2 Codename: jessie Regards, Vishwanath KC +918892599848. On Tue, Jan 24, 2017 at 11:16 AM, Darren Tucker <dtucker at zip.com.au> wrote: > On Tue, Jan 24, 2017 at 4:17 PM, Vishwanath KC <vicchi.cit at gmail.com> >

On 1 March 2018 at 12:26, hw <hw at gc-24.de> wrote: > Stephen John Smoogen wrote: >> >> On 1 March 2018 at 08:42, hw <hw at gc-24.de> wrote: >> >>> >>> I didn?t say I want that, and I don?t know yet what I want. A captive >>> portal may >>> be nice, but I haven?t found a way to set one up yet, and I don?t have an >>>

Hi, I am Vishwanath, I got one requirement from our clients regarding remote authentication. In which all users info present in remote user database. Currently using openssh for SSH connections. To open a new remote session via SSH, the openssh will look into the /etc/passwd file. If user present then it will allow to login using password or key authentication. But in my case all user info is

Hi We recenlty ugraded to openssh-3.7.1p2. Our architecture is ssh daemon uses pam module which sends request to remote radius/tacacs+ servers based on configuration. Now if I create the user in /etc/passwd, then ssh daemon calls pam and everthing works fine. But if the user is not present in /etc/passwd, then ssh daemon is not calling pam. The debug log is given below. All these

On Fri, Feb 23, 2018 at 11:22 AM, hw <hw at gc-24.de> wrote: > As a customer visting a store, would you go to the lengths of configuring > your > cell phone (or other wireless device) to authenticate with a RADIUS server > in > order to gain internet access through the wirless network of the store? > > From what I?m being told, everyone already has internet access with

Richard Grainger wrote: > On Fri, Feb 23, 2018 at 11:22 AM, hw <hw at gc-24.de> wrote: > >> As a customer visting a store, would you go to the lengths of configuring >> your >> cell phone (or other wireless device) to authenticate with a RADIUS server >> in >> order to gain internet access through the wirless network of the store? >> >> From

Stephen John Smoogen wrote: > On 1 March 2018 at 12:26, hw <hw at gc-24.de> wrote: >> Stephen John Smoogen wrote: >>> >>> On 1 March 2018 at 08:42, hw <hw at gc-24.de> wrote: >>> >>>> >>>> I didn?t say I want that, and I don?t know yet what I want. A captive >>>> portal may >>>> be nice, but I haven?t

On Fri, 23 Feb 2018, hw wrote: > There are devices that are using PXE-boot and require access to the company > LAN. If I was to allow PXE-boot for unauthenticated devices, the whole > thing would be pointless because it would defeat any security advantage that > could be gained by requiring all devices and users to be authenticated: > Anyone could bring a device capable of

Hello! My name is Denis Shaposhnikov. I'm looking for a job in EU (Germany is preferably) as a UNIX/FreeBSD system administrator and/or network administrator that lets me utilize my experience in an Internet Service Providing (ISP). Skills: * Operating systems: UNIX (FreeBSD 2.2 - STABLE), Cisco IOS (10.x - 12.x), ZyNOS. Understand how systems work and is able to apply this

IPSec is very complex with certificates. try first with PSK authentication and then with certificates -- Eero 2016-04-01 20:21 GMT+03:00 Glenn Pierce <glennpierce at gmail.com>: > I generated according to the docs . Which produced > my server.secrets as below > > used the command > > ipsec newhostkey --configdir /etc/ipsec.d --output >

I generated according to the docs . Which produced my server.secrets as below used the command ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets : RSA { # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 # for signatures only, UNSAFE FOR ENCRYPTION

Hi all: I ahve some basic questions regarding the mpd.conf: set radius retries 3 set radius timeout 3 set radius server 192.168.128.101 testing123 1812 1813 set radius me 1.1.1.1 set bundle enable radius-auth radius-fallback Here my radius server is 192.168.128.101 and interanl interface of this mpd server is 192.168.64.65 1) What is this "testing123"? is that key between radius

in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 -- Eero 2015-04-16 21:02 GMT+03:00 Eero Volotinen <eero.volotinen at iki.fi>: > well. this hack solution might work: > http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html > > -- > Eero > > 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at

The cheapest sollution is probably compiling a private openssl somewhere on the system and then compiling apache using that private openssl version instead of the default system-wide one. Regards, Dennis On 17.04.2015 13:20, Eero Volotinen wrote: > Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 > and tlsv1.2 and then re-encrypts traffic with tls1.0 might be