cat common-auth-access========================## /etc/pam.d/common-auth - aut

1. cat common-auth-access
2. ========================
3. #
4. # /etc/pam.d/common-auth - authentication settings common to all services
5. #
6. # This file is included from other service-specific PAM config files,
7. # and should contain a list of the authentication modules that define
8. # the central authentication scheme for use on the system
9. # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
10. # traditional Unix authentication mechanisms.
11.  
12. # here are the per-package modules (the "Primary" block)
13. auth [success=2 default=ignore] /usr/lib/security/libpam_tacplus.so debug server=192.168.1.10 secret=tac_test namespace=/var/run/netns/swns source_ip=192.168.1.21
14. auth [success=1 default=ignore] pam_unix.so nullok
15. # here's the fallback if no module succeeds
16. auth requisite pam_deny.so
17. # prime the stack with a positive return value if there isn't one already;
18. # this avoids us returning an error just because nothing sets a success code
19. # since the modules above will each just jump around
20. auth required pam_permit.so
21. # and here are more per-package modules (the "Additional" block)
22. root@-as5712:/etc/pam.d#
23.  
24.  
25. Switching Namespace to swns
26. ===========================
27. 2016-08-19T21:22:44.710+00:00 sshd[1644]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
28. 2016-08-19T21:22:44.710+00:00 sshd[1644]: pam_sm_authenticate: user [user1] obtained
29. 2016-08-19T21:22:44.710+00:00 sshd[1644]: tacacs_get_password: called
30. 2016-08-19T21:22:44.711+00:00 sshd[1644]: tacacs_get_password: obtained password
31. 2016-08-19T21:22:44.711+00:00 sshd[1644]: pam_sm_authenticate: password obtained
32. 2016-08-19T21:22:44.711+00:00 sshd[1644]: pam_sm_authenticate: tty [ssh] obtained
33. 2016-08-19T21:22:44.711+00:00 sshd[1644]: pam_sm_authenticate: rhost [192.168.1.10] obtained
34. 2016-08-19T21:22:44.712+00:00 sshd[1644]: namespace = /var/run/netns/swns, source_ip = , len = 19
35. 2016-08-19T21:22:44.712+00:00 PAM-tacplus[1644]: switched to namespace '/var/run/netns/swns' <<<<
36. 2016-08-19T21:22:44.712+00:00 sshd[1644]: pam_sm_authenticate: trying srv 0
37.  
38.  
39. Switching Namespace to VRF red
40. ================================
41. 2016-08-19T21:45:46.145+00:00 PAM-tacplus[4883]: 1 servers defined
42. 2016-08-19T21:45:46.145+00:00 PAM-tacplus[4883]: server[0] { addr=192.168.1.10:49, key='tac_test' }
43. 2016-08-19T21:45:46.146+00:00 PAM-tacplus[4883]: tac_service=''
44. 2016-08-19T21:45:46.146+00:00 PAM-tacplus[4883]: tac_protocol=''
45. 2016-08-19T21:45:46.146+00:00 PAM-tacplus[4883]: tac_prompt=''
46. 2016-08-19T21:45:46.146+00:00 PAM-tacplus[4883]: tac_login=''
47. 2016-08-19T21:45:46.147+00:00 PAM-tacplus[4883]: tac_namespace='/var/run/netns/6af57d96-6469-446e-82cd-47febacf7d6e'
48. 2016-08-19T21:45:46.147+00:00 PAM-tacplus[4883]: tac_source_ip=''
49. 2016-08-19T21:45:46.147+00:00 sshd[4883]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
50. 2016-08-19T21:45:46.148+00:00 sshd[4883]: pam_sm_authenticate: user [user1] obtained
51. 2016-08-19T21:45:46.148+00:00 sshd[4883]: tacacs_get_password: called
52. 2016-08-19T21:45:46.149+00:00 sshd[4883]: tacacs_get_password: obtained password
53. 2016-08-19T21:45:46.149+00:00 sshd[4883]: pam_sm_authenticate: password obtained
54. 2016-08-19T21:45:46.149+00:00 sshd[4883]: pam_sm_authenticate: tty [ssh] obtained
55. 2016-08-19T21:45:46.149+00:00 sshd[4883]: pam_sm_authenticate: rhost [192.168.1.10] obtained
56. 2016-08-19T21:45:46.150+00:00 sshd[4883]: namespace = /var/run/netns/6af57d96-6469-446e-82cd-47febacf7d6e, source_ip = , len = 51
57. 2016-08-19T21:45:46.150+00:00 PAM-tacplus[4883]: switched to namespace '/var/run/netns/6af57d96-6469-446e-82cd-47febacf7d6e'
58. 2016-08-19T21:45:46.150+00:00 sshd[4883]: pam_sm_authenticate: trying srv 0
59. 2016-08-19T21:45:46.151+00:00 sshd[4883]: tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS
60. 2016-08-19T21:45:46.151+00:00 sshd[4883]: pam_sm_authenticate: active srv 0
61. 2016-08-19T21:45:46.152+00:00 sshd[4883]: pam_sm_authenticate: exit with pam status: 0
62. 2016-08-19T21:45:46.152+00:00 sshd[4883]: Accepted password for user1 from 192.168.1.10 port 43727 ssh2
63. 2016-08-19T21:45:46.152+00:00 PAM-tacplus[4883]: 1 servers defined
64. 2016-08-19T21:45:46.153+00:00 PAM-tacplus[4883]: server[0] { addr=192.168.1.10:49, key='tac_test' }
65. 2016-08-19T21:45:46.153+00:00 PAM-tacplus[4883]: tac_service=''
66. 2016-08-19T21:45:46.153+00:00 PAM-tacplus[4883]: tac_protocol=''
67. 2016-08-19T21:45:46.154+00:00 PAM-tacplus[4883]: tac_prompt=''
68. 2016-08-19T21:45:46.154+00:00 PAM-tacplus[4883]: tac_login=''
69. 2016-08-19T21:45:46.155+00:00 PAM-tacplus[4883]: tac_namespace='/var/run/netns/6af57d96-6469-446e-82cd-47febacf7d6e'
70. 2016-08-19T21:45:46.155+00:00 PAM-tacplus[4883]: tac_source_ip=''
71. 2016-08-19T21:45:46.155+00:00 sshd[4883]: pam_sm_setcred: called (pam_tacplus v1.3.8)
72. 2016-08-19T21:45:46.155+00:00 sshd[4883]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
73. 2016-08-19T21:45:46.293+00:00 systemd-logind[232]: New session c6 of user user1.
74. 2016-08-19T21:45:46.296+00:00 systemd: pam_unix(systemd-user:session): session opened for user user1 by (uid=0)
75. 2016-08-19T21:45:46.327+00:00 PAM-tacplus[4902]: 1 servers defined
76. 2016-08-19T21:45:46.327+00:00 PAM-tacplus[4902]: server[0] { addr=192.168.1.10:49, key='tac_test' }
77. 2016-08-19T21:45:46.327+00:00 PAM-tacplus[4902]: tac_service=''
78. 2016-08-19T21:45:46.328+00:00 PAM-tacplus[4902]: tac_protocol=''
79. 2016-08-19T21:45:46.328+00:00 PAM-tacplus[4902]: tac_prompt=''
80. 2016-08-19T21:45:46.328+00:00 PAM-tacplus[4902]: tac_login=''
81. 2016-08-19T21:45:46.328+00:00 PAM-tacplus[4902]: tac_namespace='/var/run/netns/6af57d96-6469-446e-82cd-47febacf7d6e'
82. 2016-08-19T21:45:46.329+00:00 PAM-tacplus[4902]: tac_source_ip=''
83. 2016-08-19T21:45:46.329+00:00 sshd[4902]: pam_sm_setcred: called (pam_tacplus v1.3.8)
84.  
85.  
86. Binding source IP address
87. ==========================
88. 2016-08-19T21:30:36.556+00:00 PAM-tacplus[2770]: 1 servers defined
89. 2016-08-19T21:30:36.556+00:00 PAM-tacplus[2770]: server[0] { addr=192.168.1.10:49, key='tac_test' }
90. 2016-08-19T21:30:36.556+00:00 PAM-tacplus[2770]: tac_service=''
91. 2016-08-19T21:30:36.557+00:00 PAM-tacplus[2770]: tac_protocol=''
92. 2016-08-19T21:30:36.557+00:00 PAM-tacplus[2770]: tac_prompt=''
93. 2016-08-19T21:30:36.557+00:00 PAM-tacplus[2770]: tac_login=''
94. 2016-08-19T21:30:36.558+00:00 PAM-tacplus[2770]: tac_namespace=''
95. 2016-08-19T21:30:36.558+00:00 PAM-tacplus[2770]: tac_source_ip='192.168.1.21'
96. 2016-08-19T21:30:36.558+00:00 sshd[2770]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
97. 2016-08-19T21:30:36.558+00:00 sshd[2770]: pam_sm_authenticate: user [user1] obtained
98. 2016-08-19T21:30:36.559+00:00 sshd[2770]: tacacs_get_password: called
99. 2016-08-19T21:30:36.559+00:00 sshd[2770]: tacacs_get_password: obtained password
100. 2016-08-19T21:30:36.560+00:00 sshd[2770]: pam_sm_authenticate: password obtained
101. 2016-08-19T21:30:36.560+00:00 sshd[2770]: pam_sm_authenticate: tty [ssh] obtained
102. 2016-08-19T21:30:36.560+00:00 sshd[2770]: pam_sm_authenticate: rhost [192.168.1.10] obtained
103. 2016-08-19T21:30:36.560+00:00 sshd[2770]: namespace = , source_ip = 192.168.1.21, len = 0 <<<<<<
104. 2016-08-19T21:30:36.561+00:00 sshd[2770]: pam_sm_authenticate: trying srv 0
105. 2016-08-19T21:30:36.561+00:00 sshd[2770]: tac_connect_single: Failed to bind source address: Cannot assign requested address
106. 2016-08-19T21:30:36.561+00:00 PAM-tacplus[2770]: connection failed srv 0: Cannot assign requested address
107. 2016-08-19T21:30:36.562+00:00 PAM-tacplus[2770]: no more servers to connect
108. 2016-08-19T21:30:36.562+00:00 sshd[2770]: pam_sm_authenticate: exit with pam status: 9
109. 2016-08-19T21:30:39.121+00:00 sshd[2770]: Failed password for user1 from 192.168.1.10 port 35661 ssh2
110.  
111.  
112. 2016-08-19T21:32:03.518+00:00 sshd[2976]: namespace = , source_ip = 192.168.1.21, len = 0
113. 2016-08-19T21:32:03.518+00:00 sshd[2976]: pam_sm_authenticate: trying srv 0
114. 2016-08-19T21:32:03.519+00:00 sshd[2976]: tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS
115. 2016-08-19T21:32:03.519+00:00 sshd[2976]: pam_sm_authenticate: active srv 0
116. 2016-08-19T21:32:03.519+00:00 sshd[2976]: pam_sm_authenticate: exit with pam status: 0
117. 2016-08-19T21:32:03.519+00:00 sshd[2976]: Accepted password for user1 from 192.168.1.10 port 35662 ssh2
118. 2016-08-19T21:32:03.520+00:00 PAM-tacplus[2976]: 1 servers defined
119. 2016-08-19T21:32:03.520+00:00 PAM-tacplus[2976]: server[0] { addr=192.168.1.10:49, key='tac_test' }
120. 2016-08-19T21:32:03.521+00:00 PAM-tacplus[2976]: tac_service=''
121. 2016-08-19T21:32:03.521+00:00 PAM-tacplus[2976]: tac_protocol=''
122. 2016-08-19T21:32:03.521+00:00 PAM-tacplus[2976]: tac_prompt=''
123. 2016-08-19T21:32:03.522+00:00 PAM-tacplus[2976]: tac_login=''
124. 2016-08-19T21:32:03.522+00:00 PAM-tacplus[2976]: tac_namespace=''
125. 2016-08-19T21:32:03.522+00:00 PAM-tacplus[2976]: tac_source_ip='192.168.1.21'
126. 2016-08-19T21:32:03.523+00:00 sshd[2976]: pam_sm_setcred: called (pam_tacplus v1.3.8)
127. 2016-08-19T21:32:03.523+00:00 sshd[2976]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
128. 2016-08-19T21:32:03.660+00:00 systemd: pam_unix(systemd-user:session): session opened for user user1 by (uid=0)
129. 2016-08-19T21:32:03.661+00:00 systemd-logind[232]: New session c5 of user user1.
130. 2016-08-19T21:32:03.679+00:00 PAM-tacplus[2993]: 1 servers defined
131. 2016-08-19T21:32:03.680+00:00 PAM-tacplus[2993]: server[0] { addr=192.168.1.10:49, key='tac_test' }
132. 2016-08-19T21:32:03.680+00:00 PAM-tacplus[2993]: tac_service=''
133. 2016-08-19T21:32:03.680+00:00 PAM-tacplus[2993]: tac_protocol=''
134. 2016-08-19T21:32:03.680+00:00 PAM-tacplus[2993]: tac_prompt=''
135. 2016-08-19T21:32:03.681+00:00 PAM-tacplus[2993]: tac_login=''
136. 2016-08-19T21:32:03.681+00:00 PAM-tacplus[2993]: tac_namespace=''
137. 2016-08-19T21:32:03.681+00:00 PAM-tacplus[2993]: tac_source_ip='192.168.1.21'
138. 2016-08-19T21:32:03.682+00:00 sshd[2993]: pam_sm_setcred: called (pam_tacplus v1.3.8)
139.  
140.  
141. Logs on the Tacacs Server
142. ==========================
143. Aug 23 15:59:20 centos44180 tac_plus[4671]: connect from 192.168.1.20 [192.168.1.20]
144. Aug 23 16:00:24 centos44180 tac_plus[4729]: connect from 192.168.1.20 [192.168.1.20]
145. Aug 23 16:04:45 centos44180 tac_plus[4815]: connect from 192.168.1.20 [192.168.1.20]
146. Aug 23 16:11:03 centos44180 tac_plus[4934]: connect from 192.168.1.21 [192.168.1.21]