Send netdisco-users mailing list submissions to
netdisco-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
netdisco-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
netdisco-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Re: Netdisco & TACACS+ issue (Michael Butash)
2. Re: Netdisco & TACACS+ issue (Meskanen, Riku)
--- Begin Message ---
I recently set up ND to work against tacacs at my current customer, the AD
team is clueless here and takes an act of god to get a service account, so
I said screw it to point it at our Cisco ISE for tacacs servers. Works
great so far for me with this config:
## tacacs authentication
tacacs:
  - { server: 'ise01.example.com', key: 'psk' }
  - { server: 'ise02.example.com', key: 'psk' }
-mb
On Thu, Oct 6, 2022 at 5:16 AM Meskanen, Riku <riku.h.meska...@jyu.fi>
wrote:
> Hi,
>
> I’ve got a day-old Netdisco test installation running on Debian 11, with
> a typical server setup.
>
> Linux nd3 5.10.0-18-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) x86_64
> GNU/Linux
>
> Netdisco:
> Software Version
> App::Netdisco 2.57.7
> SNMP::Info 3.89
> DB Schema 75
> PostgreSQL 13.00.8
> Perl 5.32.1
>
> Installed Netdisco yesterday using installation instructions from
> https://metacpan.org/pod/App::Netdisco
> and everything went fine. Discovering devices, nodes OK etc.
>
> Statistics for this installation
>
> 512 devices with 1,250 IPs
> 28,800 interfaces of which 13,781 are up
> 906 layer 2 links between devices
> 34,960 nodes logged, of which 19,546 are active
> 20,501 IPs logged, of which 20,405 are active
> Statistics last generated on 2022-10-06
>
> Thus far everything is great, but I don’t seem to get tacacs+
> authentication working.
>
> Tacacs server (tacacs-F4.0.4.28) has been operational for a long time on
> another server and all devices above are configured to use it, firewall and
> tcpwrapper permitting etc to netdisco installation test server.
>
> When I add tacacs server to ~netdisco/environments/deployment.yml like
> documentation advises,
>
> - https://github.com/netdisco/netdisco/wiki/Configuration#tacacs
>
> (I did try also the multiple tacacs server config and it didn’t help
> either)
>
> add a user with tacacs selected, use another browser to test it I don’t
> see any login attempts from server running Netdisco.
>
> Tcpdump doesn’t show even an attempt and of course running tacacs server
> in debug mode neither. Restarting any services etc. makes no difference.
>
> Anybody got an idea what I’m missing here or didn’t understand to do or
> add so that netdisco tacacs+ would need to work. Netdisco seemingly comes
> with a self sufficient tacacs client module which doesn’t require
> libtacacs.so.1 etc.
>
> $ ldd perl5/lib/perl5/x86_64-linux-gnu-thread-multi/auto/Authen/TacacsPlus/TacacsPlus.so
>         linux-vdso.so.1 (0x00007ffdf8ffc000)
>         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f72fa24a000)
>         /lib64/ld-linux-x86-64.so.2 (0x00007f72fa430000)
> $
>
> Any help with this would be greatly appreciated.
>
> :-) riku
>
>
> --
> [ This .signature intentionally left blank ]
>
>
>
>
> _______________________________________________
> Netdisco mailing list
> netdisco-users@lists.sourceforge.net
> https://sourceforge.net/p/netdisco/mailman/netdisco-users/
--- End Message ---
--- Begin Message ---
Hi,
As mentioned earlier, I did try exactly the same. But no luck. I didn’t see any
traffic coming towards tacacs server. Not with running tacacs server in debug
options nor with checking tcpdump.
Thanks for your comment anyway.
:-) riku
--
[ This .signature intentionally left blank ]
--- End Message ---