Ok, well i'm going to start getting this setup soon. 

    On Monday, June 12, 2017 3:30 PM, Joshua D Doll via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 I don't think PAM is needed at all, but I could be wrong.

Joshua D Doll

On June 12, 2017 4:28:14 PM EDT, Andrew Meyer via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
Correct.  So I would skip the adding of the pam module and just create a new 
pam config file, right? 

    On Monday, June 12, 2017 2:54 PM, Joshua D Doll via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 I think you only want the PAM module if you are trying to authenticate your 
users via tacacs for Linux. It sounds like you are trying to setup a tacacs 
server and using FreeIPA as your user store. In which case you'll want to look 
at configuring the tacacs service to talk to FreeIPA's LDAP

Joshua D Doll

On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
So this post is having me compile the pam_tacacs.  Do I still need to do that 
if I am using shrubbery.net TACACS+? 

    On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 Haven't gotten that far yet.  Want to set it up. 

    On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 it's a pam module and works the same as others, if you are using hbac you'll 
need to create a service for the module
https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs-cisco-acs

Anything specific you're having issues with?
-Jake

From: "freeipa-users" <freeipa-users@lists.fedorahosted.org>
To: "freeipa-users" <freeipa-users@lists.fedorahosted.org>
Cc: "Andrew Meyer" <andrewm...@yahoo.com>
Sent: Friday, June 9, 2017 10:13:52 AM
Subject: [Freeipa-users]FreeIPA and TACACS+

Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   _______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   

-- 
Sent from my Android device with K-9 Mail. Please excuse my 
brevity._______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   

-- 
Sent from my Android device with K-9 Mail. Please excuse my 
brevity._______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to