Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Custom Application to set/get TACACS+ information a User

Hi,

I have to develop a custom application that sets/gets TACACS+ information for a particular user profile.

I was able to set values in "TACACS+ Enable Control" form and "TACACS+ Enable Password" form using action code 105.

But I am not able to set "Use separate password" flag and separate password in "TACACS+ Enable Password" form,

and TACACS+ Outbound Password . Can somebody give me the actioncodes and show how the entries in accountactions.csv file

will look for the mentioned operations that is:

1) to update TACACS+ outbound password, and

2) to set "Use separate password" flag and separate password in "TACACS+ Enable Password" form

My next question would be:

How do we retrive TACACS+ outbound password and attribute values in "TACACS+ Enable Password" form dump.txt

I was able to retrieve values for attributes in TACACS+ Enable Password" form

Following is a sample entry in dump.txt for these attributes:

App01 enable_passwd ESTRING 0x0018 6a 35 9b 76 ce c3 81 9c 6d 1c d5 41 06 1a 4e 07 92 8d 50 06 de d4 2a 89

App01 max_priv STRING 0,3 (used for attributes in TACACS+ Enable Password" form)

App01 max_priv_LENGTH INTEGER 3

I also checked the link:http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/user/guide/ag.html

But I did not find satisfactory information.

Please reply ASAP, your help will be most appreciated.

Ravi

1 REPLY
Silver

Re: Custom Application to set/get TACACS+ information a User

Action code 105 *should* do everything needed to get the enable password set to your value.

If it doesnt then its a bug in RDBMS sync.

Passwords in ACS are encrypted and you cant extract them - by design.

Darran

129
Views
0
Helpful
1
Replies