Ziv,

I think Phil pretty much covered everything already, it sounds like you're 
going to lean towards the tac-plus implementation.  Here is a walkthrough for 
getting it going with backend LDAP authentication, there are some extra 
functions in his blog as well, like a TACACS log viewer: 
http://www.sweetfixes.com/blogs/robert/archive/2008/11/20/configuring-a-tacacs-server-on-ubuntu-8-10-linux.aspx
 I can't comment on the structure of your AD, but you can limit your query 
scope to a particular starting OU and avoid unwanted built-in accounts or sets 
of users.

The rest of your command sets or privilege levels would be defined in the 
/etc/tacplus.conf file.

-ryan
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to