[rancid] rancid and radius auth with restricted perms
Christopher McCrory
2008-08-05 18:25:49 UTC
Hello...

I have been using rancid for a while on our core network equipment.
I'd like to add a bunch of access layer switches (2960s/3560s) to my
rancid setup. Very few people have access to my core equipment so I
have not had the need to set up tacacs/radius/kerberos auth. Does
anyone have a cookie cutter radius (freeradius) config to restrict a
rancid user to the minimum required commands to function? (I can set up
the radius part, it is the command restriction that is stumping me)

I googled around and looked through my list archives, but could not find
much info. The closest I could find was
http://wiki.freeradius.org/Cisco#Command_Authorization where the
restrict 'show' was broken by Cisco.

Thanks for any help.
--
Christopher McCrory
"The guy that keeps the servers running"

To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.
Riley Tompkins
2008-08-05 20:42:43 UTC
I have used privilege levels in RADIUS with success, see link.
-Charles

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml


On Tue, Aug 5, 2008 at 2:25 PM, Christopher McCrory wrote:
Hello...
I have been using rancid for a while on our core network equipment.
I'd like to add a bunch of access layer switches (2960s/3560s) to my
rancid setup. Very few people have access to my core equipment so I
have not had the need to set up tacacs/radius/kerberos auth. Does
anyone have a cookie cutter radius (freeradius) config to restrict a
rancid user to the minimum required commands to function? (I can set up
the radius part, it is the command restriction that is stumping me)
I googled around and looked through my list archives, but could not find
much info. The closest I could find was
http://wiki.freeradius.org/Cisco#Command_Authorization where the
restrict 'show' was broken by Cisco.
Thanks for any help.
--
Christopher McCrory
"The guy that keeps the servers running"
To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.