I followed the quick tutorial here, but was running into an issue when attempting to authenticate. Essentially, each user is attempting to authenticate using PAP, so the below error was occurring on my FreeIPA / TACACS+ server.
pap-login query for 'test.user' unknown from f5.test.domain.com rejectedlogin failure: test.user f5.test.domain.com (192.168.1.5) unknownsession.peerip is 192.168.1.5In the tac_plus configuration file, I simply needed to define my user (test.user) in the following manner:
user = test.user{
login = PAM
pap = PAM
member = adm
}Since I am using PAM to proxy authentication requests to LDAP, via Kerberos, it was necessary to redirect the PAP request to PAM.
This is a simple fix, but it definitely consumed a couple hours to identify the root issue.
No comments:
Post a Comment