|
|
| Author |
Message |
msw1970
Cacti User
Joined: 09 Jan 2007
Posts: 153
|
 Posted: Wed May 28, 2008 5:07 pm Post subject: Cacti - TACACS+ Authentication |
 |
|
| Has anyone considered extending the current authentication methods to include TACACS+ Authentication for users. Currently we heavily use TACACS+ to control access onto our switches... It would be great to be able to extend the group structure we have within our TACACS+ server to control who can do what and which graphs they have the rights to see. |
|
| Back to top |
|
 |
rony
Developer/Forum Admin
Joined: 17 Nov 2003
Posts: 5453
Location: Wisconsin, USA
|
| Posted: Thu May 29, 2008 8:53 am Post subject: |
|
|
| If you use the Web Basic authentication in Cacti and then setup Apache to use Radius authentication for your Cacti directory, you should get the desired effect. |
|
| Back to top |
|
|
TheWitness
Developer
Joined: 14 May 2002
Posts: 9697
Location: MI, USA
|
| Posted: Thu May 29, 2008 8:32 pm Post subject: |
|
|
In the latest PIA, you can define your own authentication methods. I can send you reference code. That way you can write a tacacs_auth plugin that provides your authentication services.
TheWitness |
|
| Back to top |
|
|
zuessi
Joined: 13 Sep 2004
Posts: 14
Location: Switzerland
|
| Posted: Wed Jun 04, 2008 3:09 am Post subject: |
|
|
I would be very interested of such an integration!
Thanks for your great work
Zuessi |
|
| Back to top |
|
|
jfarese
Joined: 06 Dec 2006
Posts: 22
|
| Posted: Fri Jun 06, 2008 1:32 pm Post subject: |
|
|
| are you using ACS as the backend server.. if so use authxradius in apache with web basic auth and have it authenticate against the radius side of the ACS server.. This is how we do it and it works great. |
|
| Back to top |
|
|
TheWitness
Developer
Joined: 14 May 2002
Posts: 9697
Location: MI, USA
|
| Posted: Sat Jun 07, 2008 1:03 pm Post subject: |
|
|
I think the apache mod should be enough. So you concur, or would you still ike the guidance?
Regards,
TheWitness |
|
| Back to top |
|
|
msw1970
Cacti User
Joined: 09 Jan 2007
Posts: 153
|
| Posted: Sat Jun 07, 2008 1:06 pm Post subject: |
|
|
| TheWitness wrote: | I think the apache mod should be enough. So you concur, or would you still ike the guidance?
Regards,
TheWitness |
I'm going to give the apache mod a try and see if that works. I'm currently in the process of building a new server for Cacti as the one I've got it on is starting to chugg... It's only got 512Mb ram and I've now got approx 700 devices and 4,500 data sources on it, so I'll try it on that when I've got it working....
Takes a while to get a server setup though once you've jumped through all the hoops our security department insist on!!! |
|
| Back to top |
|
|
TheWitness
Developer
Joined: 14 May 2002
Posts: 9697
Location: MI, USA
|
| Posted: Sat Jun 07, 2008 1:37 pm Post subject: |
|
|
You need more RAM. Do a "du -sk /var/www/htm/cacti/rra". You need at least 500mb more than it reports to realy get Cacti to scream.
TheWitness |
|
| Back to top |
|
|
msw1970
Cacti User
Joined: 09 Jan 2007
Posts: 153
|
| Posted: Sat Jun 07, 2008 1:41 pm Post subject: |
|
|
| TheWitness wrote: | You need more RAM. Do a "du -sk /var/www/htm/cacti/rra". You need at least 500mb more than it reports to realy get Cacti to scream.
TheWitness |
New server's gonna be a virtual server with 2 CPU's and 2Gb ram so should be enough!! |
|
| Back to top |
|
|
sansk115
Joined: 24 Jul 2008
Posts: 8
|
| Posted: Fri Oct 17, 2008 5:47 pm Post subject: I need the code for RADIUS Plugin |
|
|
All experts in RADIUS mode, I really novice for cacti but really want to authen cacti with external RADIUS server. Could some of experts provide me the guidline for implement it.
THanks in advance |
|
| Back to top |
|
|
claymen
Joined: 18 Aug 2008
Posts: 9
Location: Australia
|
| Posted: Mon Oct 27, 2008 1:22 am Post subject: |
|
|
| TheWitness wrote: | In the latest PIA, you can define your own authentication methods. I can send you reference code. That way you can write a tacacs_auth plugin that provides your authentication services.
TheWitness |
Hey mate, can you send some of that info and reference code my way. I may need to look at building a custom auth module to accomplish the auth setup I want. Any help would be greatly appreciated. |
|
| Back to top |
|
|
TheWitness
Developer
Joined: 14 May 2002
Posts: 9697
Location: MI, USA
|
| Posted: Wed Oct 29, 2008 7:03 pm Post subject: |
|
|
Sent you a PM.
TheWitness |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
