From owner-freebsd-isp Mon Mar 15 15:25:36 1999 Delivered-To: freebsd-isp@freebsd.org Received: from tiberius.emperor.org (unknown [207.92.126.19]) by hub.freebsd.org (Postfix) with ESMTP id 0A4CA150B2 for ; Mon, 15 Mar 1999 15:24:48 -0800 (PST) (envelope-from mark@tiberius.emperor.org) Received: (from mark@localhost) by tiberius.emperor.org (8.8.8/8.8.8) id RAA00871 for freebsd-isp@freebsd.org; Mon, 15 Mar 1999 17:22:45 -0600 (CST) (envelope-from mark) From: Mark Turner Message-Id: <199903152322.RAA00871@tiberius.emperor.org> Subject: Re: tac_plus config In-Reply-To: <36ED7B88.A67C4958@MexComUSA.net> from Edwin Culp at "Mar 15, 99 03:28:40 pm" To: freebsd-isp@freebsd.org Date: Mon, 15 Mar 1999 17:22:45 -0600 (CST) X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Mark Turner wrote: > > > > At 12:04 PM 3/15/99 -0600, you wrote: > > > >I'm having ton's of problems getting the ports version > > > >of tac_plus to authenticate for a Cisco AS5300. > > I assume that you have something similar to this in your AS5300 configuration: > > aaa new-model > aaa authentication login default tacacs+ > aaa authentication login SYSOP line > aaa authentication enable default enable none > aaa authentication ppp default if-needed tacacs+ > aaa authorization exec tacacs+ > aaa authorization commands 1 tacacs+ > aaa authorization network tacacs+ > aaa accounting exec start-stop tacacs+ > aaa accounting commands 1 stop-only tacacs+ > aaa accounting network start-stop tacacs+ > aaa accounting system start-stop tacacs+ > > tacacs-server host 10.0.0.1 (This is the ip that you are running tac_plus on.) > > This is your basic tac_plus.confg file: > > accounting file = "/var/log/tac_plus.acct" > default authentication = file /etc/passwd > user = DEFAULT { member = 2500 } > > group = 2500 { > maxsess = 1 > service = exec { autocmd = "ppp" } > service = ppp protocol = ip { > } > } > > user = mark { > default service = permit > } > > This is basic for Tac_plus and cisco 25?? that is about the same as the 5300, I think. You may not > have maxsess. Check the userguide that comes in the distribution. > > Hope this helps a little. > > ed > > Ed, I think there were a couple things in the config I was missing, these examples will help a TON!! I'm uploading the latest(gulp) IOS, so I can upload new modem code. I'll retest as soon as I can. Again thanks everyone for the help. -- Mark Turner mark@maestro.org P latest modem code at the moment. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message