home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!usc!sdd.hp.com!uakari.primate.wisc.edu!ames!agate!boulder!recnews
- From: pushp-m@CERF.NET (Pushpendra Mohta)
- Newsgroups: comp.dcom.sys.cisco
- Subject: Re: Tacacs-server authneticate slip
- Message-ID: <9208122108.AA08876@nic.cerf.net>
- Date: 12 Aug 92 21:08:20 GMT
- Sender: news@colorado.edu
- Lines: 62
- In-Reply-To: <9208121735.AA05620@is.rice.edu>; from "Evan R. Wetstone" at Aug 12, 92 12:35 pm
- X-Usmail: CERFnet, P.O. BOX 85608, San Diego, CA 92186-9784
- X-Mailer: ELM [version 2.3 PL11]
-
- Evan R. Wetstone writes:
- >>
- >>Has anyone gotten the command "tacacs-server authenticate slip" to work?
- >>
- >>I'm trying to find some mechanism to allow and control SLIP access to our
- >>terminal server on the same lines that I allow unauthenticated (but address-
- >>filtered) telnet access. The manual suggests that "tacacs-server
- >>authenticate slip" would be the way to do this.
- >>
- >>I can't get it to work at all. On some of our lines (which require tacacs
- >>authentication to log into) the terminal server will send a "SLIPON" message
- >>to the tacacs server. Watching this with our Sniffer, I can see that it
- >>sends the tacacs message with just a userid. On our other lines, which do
- >>not require tacacs logins, no message gets sent at all. In no case does
- >>the terminal server ever prompt for a userid and password to enable SLIP.
- >>
- >>Our terminal server is a CSC/2 running 8.3(3.1 )
- >>
- >>Any pointers will be appreciated.
- >>
- >>--
- >>Evan
- >>
- This works here:
-
- tacacs-server host a.b.c.d
- tacacs-server attempts 5
- tacacs-server retransmit 3
- tacacs-server timeout 3
- tacacs-server extended
- tacacs-server authenticate slip
-
-
- line 2
- location SDSC-452-abcd
- login tacacs
- exec-timeout 30 0
- flowcontrol hardware in
- flowcontrol hardware out
- modem RI-is-CD
- session-timeout 30 output
- stopbits 1
- txspeed 57600
- rxspeed 57600
- slip address dynamic
- telnet transparent
-
- Depending on the tacacsd server you are using, you may need to create
- an entry with the username in all caps in the passwd file.
-
- Also, the TS must have some way of translation the username
- into an IP address either using a "ip host username ip-address"
- command or using DNS.
-
- Actually, reading your message again, I think you want no first level
- authentication but only authenticated slip. This may not be
- possible .....
-
- --pushpendra
-
- Pushpendra Mohta pushp@cerf.net +1 619 455 3908
- CERFNet +1 800 876 2373
-