- Path: sparky!uunet!zaphod.mps.ohio-state.edu!ub!csn!boulder!recnews
- From: billw@regal.cisco.com (WilliamChops Westfield)
- Newsgroups: comp.dcom.sys.cisco
- Subject: Re: Tacacs-server authneticate slip
- Message-ID: <CMM.0.90.2.714277353.billw@regal.cisco.com>
- Date: 20 Aug 92 02:22:33 GMT
- Sender: news@colorado.edu
- Lines: 34
- In-Reply-To: Your message of Wed, 12 Aug 92 12:35:32 CDT
-
-
- I'm trying to find some mechanism to allow and control SLIP access to
- our terminal server on the same lines that I allow unauthenticated
- (but address-filtered) telnet access. The manual suggests that
- "tacacs-server authenticate slip" would be the way to do this.
-
- I can't get it to work at all. On some of our lines (which require
- tacacs authentication to log into) the terminal server will send a
- "SLIPON" message to the tacacs server. Watching this with our
- Sniffer, I can see that it sends the tacacs message with just a
- userid. On our other lines, which do not require tacacs logins, no
- message gets sent at all. In no case does the terminal server ever
- prompt for a userid and password to enable SLIP.
-
- The terminal server is behaving as expected.
-
- First of all, "tacacs-server authenticate <anything>" only works on
- lines that a user has already logged in on. This is because:
-
- "tacacs authenticate <anything>" never asks the user for any additional
- data. It sends a tacacs request with the userid and name (which it
- already knows), and the other information (like, this user is turning
- on SLIP.) The tacacs server is supposed to be able to tell from this
- information whether that user is allowed to execute that operation.
- (The tacacs server that cisco provides always accepts SLIPON requests.)
-
- If you want SLIP access to be authenticated on all lines, you might
- try setting "slip address dynamic" on the lines, which causes the address
- that the user wants to be authenticated with a separate password (more
- similar to a tacacs login.) This results in up to three tacacs requests:
- one to log in, one to assign a SLIP address, and one to turn slip on.
-
- Bill Westfield
- cisco Systems.
-
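The reply above describes a SLIPON request that carries only the userid and the operation, with no further prompt, and notes that the supplied server always accepts it. As an added example (not code from the post or from cisco's tacacs server), here is a server-side decision function that checks each of the three requests and rejects by default. The request model, the labels LOGIN/SLIPADDR/SLIPON, the user table and the address table are assumptions constructed for illustration, not the wire format.

```python
import hashlib
import hmac
from dataclasses import dataclass

SALT = b"constructed-salt"  # sample value; use a random per-entry salt in practice

def kdf(secret: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 10_000)

# Constructed policy data (assumptions, not from the post).
USERS = {"alice": {"pw": kdf("alice-login"), "slip": True},
         "bob":   {"pw": kdf("bob-login"),   "slip": False}}
SLIP_ADDRS = {"192.0.2.10": kdf("addr-secret")}

@dataclass
class Request:
    op: str             # "LOGIN", "SLIPADDR" or "SLIPON" (labels for the three requests)
    user: str = ""      # userid the terminal server already knows
    password: str = ""  # never present on SLIPON: the user is not prompted again
    address: str = ""   # requested SLIP address, SLIPADDR only

def decide(req: Request) -> bool:
    """Accept or reject one request; anything unrecognised is rejected."""
    if req.op == "LOGIN":
        user = USERS.get(req.user)
        return user is not None and hmac.compare_digest(user["pw"], kdf(req.password))
    if req.op == "SLIPADDR":
        stored = SLIP_ADDRS.get(req.address)
        return stored is not None and hmac.compare_digest(stored, kdf(req.password))
    if req.op == "SLIPON":
        # Authorization only: decided from the userid and the operation.
        user = USERS.get(req.user)
        return user is not None and user["slip"]
    return False

def slip_session(user, login_pw, address, addr_pw):
    """Run the up-to-three requests in order, stopping at the first rejection."""
    results = []
    for req in (Request("LOGIN", user, login_pw),
                Request("SLIPADDR", user, addr_pw, address),
                Request("SLIPON", user)):
        ok = decide(req)
        results.append((req.op, ok))
        if not ok:
            break
    return results

if __name__ == "__main__":
    print(slip_session("alice", "alice-login", "192.0.2.10", "addr-secret"))
    print(slip_session("bob", "bob-login", "192.0.2.10", "addr-secret"))
```

With this policy, bob passes the login and address checks but is rejected at SLIPON, which a server that always accepts SLIPON would let through.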