Cacti - TACACS+ Authentication

Anything that you think should be in Cacti.

Moderators: Moderators, Developers

Author
Message
msw1970
Cacti User
Posts: 206
Joined: Tue Jan 09, 2007 8:28 am
Location: London, UK

Cacti - TACACS+ Authentication

#1 Post by msw1970 » Wed May 28, 2008 5:07 pm

Has anyone considered extending the current authentication methods to include TACACS+ Authentication for users. Currently we heavily use TACACS+ to control access onto our switches... It would be great to be able to extend the group structure we have within our TACACS+ server to control who can do what and which graphs they have the rights to see.

User avatar
rony
Developer/Forum Admin
Posts: 6016
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA
Contact:

#2 Post by rony » Thu May 29, 2008 8:53 am

If you use the Web Basic authentication in Cacti and then setup Apache to use Radius authentication for your Cacti directory, you should get the desired effect.
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]

User avatar
TheWitness
Developer
Posts: 14804
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#3 Post by TheWitness » Thu May 29, 2008 8:32 pm

In the latest PIA, you can define your own authentication methods. I can send you reference code. That way you can write a tacacs_auth plugin that provides your authentication services.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

zuessi
Posts: 30
Joined: Mon Sep 13, 2004 3:06 pm
Location: Switzerland

#4 Post by zuessi » Wed Jun 04, 2008 3:09 am

I would be very interested of such an integration!

Thanks for your great work
Zuessi

jfarese
Posts: 31
Joined: Wed Dec 06, 2006 8:45 am

#5 Post by jfarese » Fri Jun 06, 2008 1:32 pm

are you using ACS as the backend server.. if so use authxradius in apache with web basic auth and have it authenticate against the radius side of the ACS server.. This is how we do it and it works great.

User avatar
TheWitness
Developer
Posts: 14804
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#6 Post by TheWitness » Sat Jun 07, 2008 1:03 pm

I think the apache mod should be enough. So you concur, or would you still ike the guidance?

Regards,

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

msw1970
Cacti User
Posts: 206
Joined: Tue Jan 09, 2007 8:28 am
Location: London, UK

#7 Post by msw1970 » Sat Jun 07, 2008 1:06 pm

TheWitness wrote:I think the apache mod should be enough. So you concur, or would you still ike the guidance?

Regards,

TheWitness
I'm going to give the apache mod a try and see if that works. I'm currently in the process of building a new server for Cacti as the one I've got it on is starting to chugg... It's only got 512Mb ram and I've now got approx 700 devices and 4,500 data sources on it, so I'll try it on that when I've got it working....

Takes a while to get a server setup though once you've jumped through all the hoops our security department insist on!!!

User avatar
TheWitness
Developer
Posts: 14804
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#8 Post by TheWitness » Sat Jun 07, 2008 1:37 pm

You need more RAM. Do a "du -sk /var/www/htm/cacti/rra". You need at least 500mb more than it reports to realy get Cacti to scream.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

msw1970
Cacti User
Posts: 206
Joined: Tue Jan 09, 2007 8:28 am
Location: London, UK

#9 Post by msw1970 » Sat Jun 07, 2008 1:41 pm

TheWitness wrote:You need more RAM. Do a "du -sk /var/www/htm/cacti/rra". You need at least 500mb more than it reports to realy get Cacti to scream.

TheWitness
New server's gonna be a virtual server with 2 CPU's and 2Gb ram so should be enough!!

sansk115
Posts: 14
Joined: Thu Jul 24, 2008 5:08 am

I need the code for RADIUS Plugin

#10 Post by sansk115 » Fri Oct 17, 2008 5:47 pm

All experts in RADIUS mode, I really novice for cacti but really want to authen cacti with external RADIUS server. Could some of experts provide me the guidline for implement it.


THanks in advance

User avatar
claymen
Cacti User
Posts: 259
Joined: Mon Aug 18, 2008 4:30 am
Location: Australia
Contact:

#11 Post by claymen » Mon Oct 27, 2008 1:22 am

TheWitness wrote:In the latest PIA, you can define your own authentication methods. I can send you reference code. That way you can write a tacacs_auth plugin that provides your authentication services.

TheWitness
Hey mate, can you send some of that info and reference code my way. I may need to look at building a custom auth module to accomplish the auth setup I want. Any help would be greatly appreciated.

User avatar
TheWitness
Developer
Posts: 14804
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#12 Post by TheWitness » Wed Oct 29, 2008 7:03 pm

Sent you a PM.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

ponwude
Posts: 4
Joined: Sat Oct 03, 2009 2:17 am

Cacti Radius Authentication

#13 Post by ponwude » Sat Oct 03, 2009 2:27 am

Hi All,

I am new to this forum.... I have being trying for a while now to use Cisco ACS for Authentication in cacti. i have compiled and installed mod_auth_xradius for apache and it prompts me for a username and password but it never authenticates.

Any help would be greatly appreciated.

Paul

User avatar
TheWitness
Developer
Posts: 14804
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

#14 Post by TheWitness » Wed Oct 07, 2009 7:49 am

You may have to turn up logging with the module to get at the root of this problem. The issue is not with Cacti, but with the Radius module. Could be SSH related, or certificate related. Definately configuration. Good luck with it. Once you have the password validation working, the Cacti will simply go along for the ride.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of MacTrack, Boost, CLog, SpikeKill, Platform RTM, DSStats, maintainer of Spine, lot's of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Central Plugin Repository
Central Templates Repository


I'm still out there people. Getting excited for Cacti 1.2. I think it will be a great release.

Seiya
Posts: 1
Joined: Fri Jan 05, 2007 8:36 am

#15 Post by Seiya » Thu Oct 22, 2009 8:40 am

Hello,

I have set up the mod_auth_radius (freeradius) on apache, modified the httpd.conf and all accordingly and it works fine :)

Post Reply