[Freeipa-users] Re: [Freeipa-users]FreeIPA and TACACS+
Another question, how hard would it be to separate the this setup? FreeIPA on one server and TACACS+ from shrubbery on another? On Monday, June 12, 2017 3:34 PM, Andrew Meyer via FreeIPA-userswrote: Correct. So I would skip the adding of the pam module and just create a new pam config file, right? On Monday, June 12, 2017 2:54 PM, Joshua D Doll via FreeIPA-users wrote: I think you only want the PAM module if you are trying to authenticate your users via tacacs for Linux. It sounds like you are trying to setup a tacacs server and using FreeIPA as your user store. In which case you'll want to look at configuring the tacacs service to talk to FreeIPA's LDAP Joshua D Doll On June 12, 2017 12:12:53 PM EDT, Andrew Meyer via FreeIPA-users wrote: So this post is having me compile the pam_tacacs. Do I still need to do that if I am using shrubbery.net TACACS+? On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-users wrote: Haven't gotten that far yet. Want to set it up. On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users wrote: it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs-cisco-acs Anything specific you're having issues with? -Jake From: "freeipa-users" To: "freeipa-users" Cc: "Andrew Meyer" Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+ Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [Freeipa-users]FreeIPA and TACACS+
So this post is having me compile the pam_tacacs. Do I still need to do that if I am using shrubbery.net TACACS+? On Monday, June 12, 2017 10:15 AM, Andrew Meyer via FreeIPA-userswrote: Haven't gotten that far yet. Want to set it up. On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-users wrote: it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs-cisco-acs Anything specific you're having issues with? -Jake From: "freeipa-users" To: "freeipa-users" Cc: "Andrew Meyer" Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+ Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: [Freeipa-users]FreeIPA and TACACS+
Haven't gotten that far yet. Want to set it up. On Friday, June 9, 2017 6:08 PM, Jake via FreeIPA-userswrote: it's a pam module and works the same as others, if you are using hbac you'll need to create a service for the module https://serverfault.com/questions/425020/authenticate-linux-sshd-with-tacacs-cisco-acs Anything specific you're having issues with? -Jake From: "freeipa-users" To: "freeipa-users" Cc: "Andrew Meyer" Sent: Friday, June 9, 2017 10:13:52 AM Subject: [Freeipa-users]FreeIPA and TACACS+ Has anyone gotten FreeIPA and TACACS+ from shrubbery.net working? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org