Send netdisco-users mailing list submissions to
netdisco-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
netdisco-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
netdisco-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Re: Netdisco & TACACS+ issue (Meskanen, Riku)
2. Re: Netdisco & TACACS+ issue (Meskanen, Riku)
3. Re: Netdisco & TACACS+ issue (Oliver Gorwits)
--- Begin Message ---
Hi,
> On 6 Oct 2022, at 20:35, Oliver Gorwits <oli...@cpan.org> wrote:
>
> Hi Riku
>
> Interesting that you get no debug messages at all.
I do get debug messages, a lot of them in backend log and most of them
scheduling etc.
But nothing at logs relevant to login attempts as far I can see.
> In the code, the only path which is quiet is the one where either the
> Netdisco web user does not have the "tacacs" auth box ticked, or the config
> is somehow wonky. Can you try:
>
> ~/bin/netdisco-do dumpconfig -e tacacs
>
> It should show the config as you expect? Also double check you did tick
> tacacs option for the web users.
netdisco@xxxxxxxx:~$ ~/bin/netdisco-do dumpconfig -e tacacs
[154066] 2022-10-06 17:46:41 info App::Netdisco version 2.057007 loaded.
[154066] 2022-10-06 17:46:41 info dumpconfig: started at Thu Oct 6 20:46:41
2022
[
[0] "Host",
[1] “xxxxx.cc.jyu.fi",
[2] "Key",
[3] “xxxxxxxxxxxx",
[4] "Port",
[5] "tacacs",
[6] "Timeout",
[7] 15
]
[154066] 2022-10-06 17:46:41 info dumpconfig: finished at Thu Oct 6 20:46:41
2022
[154066] 2022-10-06 17:46:41 info dumpconfig: status done: Dumped config
netdisco@xxxxxxxx:~$
Both tacacs server and this netdisco test server share same subnet. I can get
telnet connection from netdisco server to tacacs server port 49 fine. There is
plenty of free disk available, dns OK (also reverse). This is a well managed
network, have been past 25 years :)
Turning of apparmor does no difference either, tried that also as Debian 11
ships with a /etc/apparmor.d/abtractions/perl too.
> Thanks for using Netdisco :)
Thanks for yourselves and whole Netdisco team. We have been using Netdisco
since 2006 and lurking list almost as long. I just haven’t had time to upgrade
this rewritten version before this, but did quite bit of hacking to that old
version years ago to get it do what needed.
:-) riku
--
[ This .signature intentionally left blank ]
--- End Message ---
--- Begin Message ---
> On 6 Oct 2022, at 20:50, Michael Butash <mich...@butash.net> wrote:
>
> You're tagging your user for tacacs under admin users too right? The user
> has to exist first, and set to use tacacs there.
Yes, I’ve done that. Ticked [x] TACACS+ Auth and [x] Administrator. Password
left empty, and I get:
"Incorrect username or password, please try again."
> It won't dynamically enter users, for better or worse.
Nope, I did not expect that as that was quite obvious while seeing how thing
are set up under User Management.
:-) riku
--
[ This .signature intentionally left blank ]
--- End Message ---
--- Begin Message ---
Thanks Riku
OK so the config look fine. Michael mentioning the tickbox reminded me that
you should also NOT have LDAP or RADIUS options selected if you have RADIUS
one selected. They are all mutually exclusive (so it should be drop-down
really, I will open us a ticket).
If you want to add debug messages, you can find this file in ~/perl
: App/Netdisco/Web/Auth/Provider/DBIC.pm
and just copy the debug lines around, you should see them and the Tacacs
code.
You only need to look at the web logs not the backend logs, this is all in
the web frontend only.
regards
Oliver.
On Thu, 6 Oct 2022 at 19:16, Meskanen, Riku <riku.h.meska...@jyu.fi> wrote:
> Hi,
>
> > On 6 Oct 2022, at 20:35, Oliver Gorwits <oli...@cpan.org> wrote:
> >
> > Hi Riku
> >
> > Interesting that you get no debug messages at all.
>
> I do get debug messages, a lot of them in backend log and most of them
> scheduling etc.
> But nothing at logs relevant to login attempts as far I can see.
>
> > In the code, the only path which is quiet is the one where either the
> Netdisco web user does not have the "tacacs" auth box ticked, or the config
> is somehow wonky. Can you try:
> >
> > ~/bin/netdisco-do dumpconfig -e tacacs
> >
> > It should show the config as you expect? Also double check you did tick
> tacacs option for the web users.
>
> netdisco@xxxxxxxx:~$ ~/bin/netdisco-do dumpconfig -e tacacs
> [154066] 2022-10-06 17:46:41 info App::Netdisco version 2.057007 loaded.
> [154066] 2022-10-06 17:46:41 info dumpconfig: started at Thu Oct 6
> 20:46:41 2022
> [
> [0] "Host",
> [1] “xxxxx.cc.jyu.fi",
> [2] "Key",
> [3] “xxxxxxxxxxxx",
> [4] "Port",
> [5] "tacacs",
> [6] "Timeout",
> [7] 15
> ]
> [154066] 2022-10-06 17:46:41 info dumpconfig: finished at Thu Oct 6
> 20:46:41 2022
> [154066] 2022-10-06 17:46:41 info dumpconfig: status done: Dumped config
> netdisco@xxxxxxxx:~$
>
> Both tacacs server and this netdisco test server share same subnet. I can
> get telnet connection from netdisco server to tacacs server port 49 fine.
> There is plenty of free disk available, dns OK (also reverse). This is a
> well managed network, have been past 25 years :)
>
> Turning of apparmor does no difference either, tried that also as Debian
> 11 ships with a /etc/apparmor.d/abtractions/perl too.
>
> > Thanks for using Netdisco :)
>
> Thanks for yourselves and whole Netdisco team. We have been using Netdisco
> since 2006 and lurking list almost as long. I just haven’t had time to
> upgrade this rewritten version before this, but did quite bit of hacking to
> that old version years ago to get it do what needed.
>
> :-) riku
>
> --
> [ This .signature intentionally left blank ]
>
>
>
>
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users
