Ziv, I think Phil pretty much covered everything already, it sounds like you're going to lean towards the tac-plus implementation. Here is a walkthrough for getting it going with backend LDAP authentication, there are some extra functions in his blog as well, like a TACACS log viewer: http://www.sweetfixes.com/blogs/robert/archive/2008/11/20/configuring-a-tacacs-server-on-ubuntu-8-10-linux.aspx I can't comment on the structure of your AD, but you can limit your query scope to a particular starting OU and avoid unwanted built-in accounts or sets of users.
The rest of your command sets or privilege levels would be defined in the /etc/tacplus.conf file. -ryan _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
