From owner-freebsd-isp Mon Mar 15 16:15:20 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from tiberius.emperor.org (unknown [207.92.126.19])
        by hub.freebsd.org (Postfix) with ESMTP id 33BD6150F5
        for ; Mon, 15 Mar 1999 16:15:15 -0800 (PST)
        (envelope-from mark@tiberius.emperor.org)
Received: (from mark@localhost)
        by tiberius.emperor.org (8.8.8/8.8.8) id SAA01129
        for freebsd-isp@freebsd.org; Mon, 15 Mar 1999 18:13:12 -0600 (CST)
        (envelope-from mark)
From: Mark Turner
Message-Id: <199903160013.SAA01129@tiberius.emperor.org>
Subject: Re: tac_plus config
In-Reply-To: <36ED81FD.B96211A4@MexComUSA.net> from Edwin Culp at "Mar 15, 99 03:56:13 pm"
To: freebsd-isp@freebsd.org
Date: Mon, 15 Mar 1999 18:13:12 -0600 (CST)
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm still getting errors trying to log in. (sigh) more junk log files..

Mon Mar 15 16:09:00 1999 [40808]: Reading config
Mon Mar 15 16:09:00 1999 [40808]: Initialized 1
Mon Mar 15 16:09:00 1999 [40808]: tac_plus server $Id: tac_plus.c,v 1.67 1995/07/25 03:46:27 lol Exp $ starting
Mon Mar 15 16:09:00 1999 [40809]: Backgrounded
Mon Mar 15 16:09:00 1999 [40809]: uid=0 euid=0 gid=0 egid=0 s=0
Mon Mar 15 16:09:12 1999 [40812]: 207.92.126.5: Session aborted by request
Mon Mar 15 16:09:12 1999 [40812]: 207.92.126.5: Abort msg: Autoselected
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_value: name=jeff isuser=1 attr=login rec=1
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_value: name=jeff isuser=1 attr=global rec=1
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40813]: 207.92.126.5: fd 1 eof (connection closed)
Mon Mar 15 16:09:19 1999 [40813]: Error Read -1 bytes from 207.92.126.5, expecting 12
Mon Mar 15 16:09:19 1999 [40813]: Error 207.92.126.5: Null reply packet when expecting CONTINUE
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=expires rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=chap rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=global rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: sendpass query for 'jeff' Async49 from 207.92.126.5 rejected

> While you're at it you might want to try the tac_plus.F4.0.2.alpha.tar.Z unless someone has a newer

I'm grabbing this, thanks.

> one. I haven't looked for some time. Although I used 2.1 for a long time with no problems. I just
> upgraded to upgrade as I remember :-)
>
> ed
>
> P.S.
> They all compile out of the box, more or less :-)
>
> Mark Turner wrote:
>
> > Ed,
> >         I think there were a couple things in the config I was missing,
> > these examples will help a TON!!
> >         I'm uploading the latest(gulp) IOS, so I can upload new modem
> > code.
> >         I'll retest as soon as I can.
> >         Again thanks everyone for the help.
> >
> > --
> > Mark Turner
> > mark@maestro.org
> > P
> > latest modem code at the moment.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

These are my current configs.

AS5396;

Current configuration:
!
! No configuration change since last restart
!
version 11.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname blackjack
!
aaa new-model
aaa authentication login default tacacs+ enable
aaa authentication login consoleport none
aaa authentication ppp default if-needed tacacs+
aaa authorization exec tacacs+ if-authenticated
aaa authorization commands 1 tacacs+ if-authenticated none
aaa authorization commands 15 tacacs+ if-authenticated none
aaa authorization network tacacs+ local
aaa accounting commands 0 stop-only tacacs+
aaa accounting commands 15 start-stop tacacs+
aaa accounting network wait-start tacacs+
aaa accounting system start-stop tacacs+
enable secret 5 .......
enable password 7 .......
!
ip subnet-zero
no ip source-route
ip domain-name interspring.com
ip name-server 207.92.126.67
ip name-server 207.92.126.66
ip name-server 207.92.126.19
ip address-pool local
isdn switch-type primary-5ess
chat-script default "" at&fls0=1&h1&r2&c1&d2&b1e0q2 OK
clock timezone CST -6
clock summer-time CDT recurring
!
controller T1 0
 framing esf
 clock source line primary
 linecode b8zs
 pri-group timeslots 1-24
 description Dialup Access number is: (512) 427-6052
!
controller T1 1
 framing esf
 clock source line secondary
 linecode b8zs
 pri-group timeslots 1-24
 description Dialup Access number is: (512) 427-6052
!
controller T1 2
 shutdown
 clock source internal
!
controller T1 3
 shutdown
 clock source internal
!
interface Ethernet0
 ip address 207.92.126.5 255.255.255.240
 no ip directed-broadcast
!
interface Serial0:23
 description Dialup Access number is: (512) 427-6052
 ip unnumbered Ethernet0
 encapsulation ppp
 no ip mroute-cache
 isdn incoming-voice modem
 no peer default ip address
 dialer-group 1
 no fair-queue
 ppp authentication chap pap
 ppp multilink
!
interface Serial1:23
 description Dialup Access number is: (512) 427-6052
 ip unnumbered Ethernet0
 encapsulation ppp
 no ip mroute-cache
 isdn incoming-voice modem
 no peer default ip address
 dialer-group 1
 no fair-queue
 ppp authentication chap pap
 ppp multilink
!
interface FastEthernet0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Group-Async1
 ip unnumbered Ethernet0
 ip tcp header-compression passive
 encapsulation ppp
 async mode interactive
 peer default ip address pool async
 no cdp enable
 ppp authentication chap pap
 group-range 1 96
!
ip local pool async 207.92.126.129 207.92.126.190
ip default-gateway 207.92.126.1
no ip classless
ip route 0.0.0.0 0.0.0.0 207.92.126.1
ip route 207.92.126.16 255.255.255.240 207.92.126.2
ip route 207.92.126.32 255.255.255.240 207.92.126.2
ip route 207.92.126.48 255.255.255.240 207.92.126.3
ip route 207.92.126.64 255.255.255.240 207.92.126.4
access-list 101 permit ip any any
tacacs-server host 207.92.126.66
tacacs-server timeout 10
tacacs-server key .....
snmp-server community public RO
dialer-list 1 protocol ip list 101
banner login ^C
Welcome to InterSpring.Com.
Please enter you username one the following line.
^C
!
line con 0
 logging synchronous
 login authentication consoleport
line 1 96
 session-timeout 20
 exec-timeout 120 0
 autoselect during-login
 autoselect ppp
 absolute-timeout 720
 script startup default
 script reset default
 modem Dialin
 autocommand ppp default
 transport input all
 escape-character NONE
line aux 0
line vty 0 4
 password 7 ................
!
ntp clock-period 17179369
ntp source Ethernet0
ntp master
ntp update-calendar
ntp server 129.116.206.10
scheduler interval 1000
end

---------

Tac_plus configuration file; including commented sections that I've tried! :-(

#
# tac_plus config file
# /usr/local/etc/tac_plus.conf
# ALL Comments with a * beside them were modified on Mar 14
# All Comments with a . beside them were modified on Mar 15
#
# Handshake with router--NAS needs 'tacacs-server key cisco':
key = .......

# Following three lines define the default treatment of users.
default authentication = file /etc/passwd
default authorization = permit
accounting file = /var/tmp/account.txt
#
# GROUPS
#
group = 2500 {
        service = exec {
                autocmd = "ppp"
        }
        service = ppp protocol = ip {
        }
}

#*group = int { # full internet access
#*      service = exec {
#*              autocmd = "ppp default"
#*      }
#*      service = ppp protocol = ip {
#*              default attribute = permit
#*      }
#*
#*      service = ppp protocol = lcp {
#*              default attribute = permit
#*      }
#*
#*      cmd = ppp {
#*              permit default
#*      }
#*
#*}
#
#User list
#
# User who can telnet in to configure: (this is so that you can telnet to the
# access server and configure it. Without this line you cannot telnet to the unit.
# DO NOT ERASE!!!!
user = !root {
        default service = permit
        login = cleartext "......."
}

#.user = authauto {
#.      login = file /etc/passwd
#*      member = int
#.      service = ppp protocol = ip {
#.              default attribute = permit
#.      }
#. }

user = DEFAULT {
        member = 2500
}

user = jeff {
        default service = permit
}

#
# ppp/chap authentication line 1 - password must be cleartext per chap spec
#
#* user = "" {
#*      login = file /etc/password
#*      chap = cleartext "......."
#*      service = ppp protocol = ip {
#*              default attribute = permit
#*      }
#* }
#*
#
# ppp/pap authentication line 2
#
#*user = mark {
#*      login = file /etc/passwd
#*      member = chapuser
#*      service = ppp protocol = ip {
#*              default attribute = permit
#*      }
#* }

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
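
A triage helper for the kind of tac_plus debug log quoted in this message, added here as an example and not part of the original post or of tac_plus itself: it groups lines by daemon PID and reports, for each rejected query, which attribute lookups were logged as returning NULL beforehand. The name `triage`, the regexes, and the pairing of each "returns NULL" line with the preceding lookup from the same PID are assumptions; the sample lines are copied from the log in the message.

```python
import re
from collections import defaultdict

# ctime-style timestamp, daemon PID in brackets, then the message text.
LINE = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} \[(\d+)\]: (.*)$")
LOOKUP = re.compile(r"cfg_get_value: name=(\S+) isuser=\d+ attr=(\S+) rec=\d+")
REJECT = re.compile(r"(\w+) query for '([^']*)' (\S+) from (\S+) rejected")

def triage(log_text):
    """Return one dict per rejected query, with the attrs whose lookup was NULL."""
    pending = {}                 # pid -> attr of the most recent lookup
    nulls = defaultdict(list)    # pid -> attrs logged as returning NULL
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue             # skip anything that is not a daemon log line
        pid, msg = m.group(1), m.group(2)
        lookup = LOOKUP.search(msg)
        reject = REJECT.search(msg)
        if lookup:
            pending[pid] = lookup.group(2)
        elif "returns NULL" in msg and pid in pending:
            # Assumption: this line refers to the previous lookup by the same PID.
            nulls[pid].append(pending.pop(pid))
        elif reject:
            kind, user, port, nas = reject.groups()
            findings.append({"pid": pid, "query": kind, "user": user,
                             "port": port, "nas": nas,
                             "null_attrs": nulls.pop(pid, [])})
    return findings

# Lines copied from the log in the message (PIDs 40813 and 40814).
SAMPLE = """\
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_value: name=jeff isuser=1 attr=login rec=1
Mon Mar 15 16:09:19 1999 [40813]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40813]: 207.92.126.5: fd 1 eof (connection closed)
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=expires rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=chap rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_value: name=jeff isuser=1 attr=global rec=1
Mon Mar 15 16:09:19 1999 [40814]: cfg_get_intvalue: returns NULL
Mon Mar 15 16:09:19 1999 [40814]: sendpass query for 'jeff' Async49 from 207.92.126.5 rejected
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the sample it reports the `sendpass` rejection for `jeff` on Async49, preceded by NULL lookups for `expires`, `chap` and `global`.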