hpreston / nso-package-tacacs-auth

A project to enable TACACS based external authentication for NSO

Do I have to change the configuration of the Python script or something else? #2

Open pmarchal25 opened 7 months ago

pmarchal25 commented 7 months ago

Hi, I have installed the package in Cisco NSO and I have set up the IP address and key of my TACACS server (in this case my TACACS server is tacacs+ installed in a virtual machine), but when I create a new user on my TACACS server (tacacs_pus.conf file) I cannot access the NSO with this new user. Do I have to change something in the Python script or in the main script with the aim of solving the problem? I have a connection between both environments, and I changed ncs.conf too with the aim of enabling external authentication with the Python script. The paths are correct too:

This is the ncs.conf part I have changed:

```xml
${NCS_DIR}/etc/ncs/ssh
<!-- Depending on OS - and also depending on user requirements -->
<!-- the pam service value must be tuned. -->

<pam>
  <enabled>true</enabled>
  <service>common-auth</service>
</pam>
<external-authentication>
  <enabled>true</enabled>
  <executable>/var/opt/ncs/packages/nso-package-tacacs-auth/python/tacacs_auth/tacacs_ext_auth.py</executable>
</external-authentication>

<local-authentication>
  <enabled>true</enabled>
</local-authentication>
```

This is the state of the tacacs_auth package:

```
cisco@ncs# show packages package tacacs-auth
packages package tacacs-auth
 package-version 1.0
 description "Generated Python package"
 ncs-min-version [ 5.5 ]
 python-package vm-name tacacs-auth
 python-package callpoint-model threading
 directory /var/opt/ncs/state/packages-in-use/1/nso-package-tacacs-auth
 templates [ tacacs-auth-template ]
 template-loading-mode strict
 component main
  application python-class-name tacacs_auth.main.Main
  application start-phase phase2
 oper-status up
```

and this is the configuration of the connection with the tacacs server:

```
tacacs-auth host [ 192.168.27.118 ]
tacacs-auth secret test
```

Thank you so much.

Best Regards. Pedro

hpreston commented 7 months ago

At first glance that looks right. You shouldn’t have to update the Python scripts or anything; it pulls data from the service.

Have you looked at the log files? Suggestions on what to look for are in this guide.

pmarchal25 commented 7 months ago

I am going to look at it because I tried everything and the service is still not working. Should this Python script take the information from my TACACS server without any problem? In my TACACS server I have a group called "admin". Should it really work? For example: I have created a user in my TACACS server called "test" that belongs to the group "admin" (both created in the configuration file of the TACACS server). Neither the user nor the group is created in the NSO Cisco router; they are created only in the TACACS server.

Thank you so much.

Pedro