kravietz / pam_tacplus

TACACS+ protocol client library and PAM module in C. This PAM module supports authentication, authorization (account management) and accounting (session management) performed using the TACACS+ protocol designed by Cisco.
GNU Lesser General Public License v3.0

Ubuntu Failing with "Tacacs Session aborted". #191

Open WECI-Jake opened 1 year ago

WECI-Jake commented 1 year ago

Currently using ISE as our TACACS server. I'm attempting to use libpam_tacplus to allow authentication to ISE from our Linux servers. I installed it on Ubuntu using the apt repo but cannot find any documentation on where to put the server/secret information. Found a 2007 post on a forum somewhere to add it behind the pam_tacplus.so line on each of the common- files. So I did.

This did two things. It locked me out of local user session on Ubuntu, and it did reach out to our ISE but errored out with an aborted session in the live logs.

All I did was edit these files from all common- files in /etc/pam.d:

old: auth sufficient pam_tacplus.so
new: auth sufficient pam_tacplus.so server=iseserver01 server=iseserver02 secret=isepassword

If I am failing something very simple in the setup please let me know. I'm not familiar with PAM setups and I'm pretty sure I'm self-sabotaging my setup.