Untitled

a guest
Sep 1st, 2016
Logs with Tacacs ONLY user
===========================

Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user sshd, TEMPLATE_USER = admin
Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user user1, TEMPLATE_USER = admin
Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: (getpwnam) user user1 not found locally
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: 1 servers defined
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_service=''
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_protocol=''
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_prompt=''
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_login='pap'
Sep 1 11:45:11 ubuntu sshd[1731]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
Sep 1 11:45:11 ubuntu sshd[1731]: pam_sm_authenticate: user [user1] obtained
Sep 1 11:45:11 ubuntu sshd[1731]: tacacs_get_password: called
Sep 1 11:45:11 ubuntu sshd[1731]: tacacs_get_password: obtained password
Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: unable to obtain password
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: 1 servers defined
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_service=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_protocol=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_prompt=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_login='pap'
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: user [user1] obtained
Sep 1 11:45:15 ubuntu sshd[1731]: tacacs_get_password: called
Sep 1 11:45:15 ubuntu sshd[1731]: tacacs_get_password: obtained password
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: password obtained
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: tty [ssh] obtained
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: rhost [172.17.0.1] obtained
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: trying srv 0
Sep 1 11:45:15 ubuntu sshd[1731]: tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: active srv 0
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: exit with pam status: 0
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: success setting PAM environment
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_acct_mgmt: got PAM env, auth_status = success
Sep 1 11:45:15 ubuntu sshd[1731]: Accepted password for user1 from 172.17.0.1 port 40344 ssh2
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: 1 servers defined
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_service=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_protocol=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_prompt=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_login='pap'
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_setcred: called (pam_tacplus v1.3.8)
Sep 1 11:45:15 ubuntu sshd[1731]: pam_keyinit(sshd:session): Unable to look up user "user1"
Sep 1 11:45:15 ubuntu sshd[1731]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Sep 1 11:45:15 ubuntu sshd[1731]: pam_systemd(sshd:session): Failed to get user data.
Sep 1 11:45:15 ubuntu sshd[1731]: pam_systemd(sshd:session): Failed to get user data.
Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_open_session: got PAM env, auth_status = success
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: 1 servers defined
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: server[0] { addr=192.168.9.131:49, key='tac_test' }
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_service=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_protocol=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_prompt=''
Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_login='pap'
Sep 1 11:45:15 ubuntu sshd[1745]: pam_sm_setcred: called (pam_tacplus v1.3.8)
Sep 1 11:45:15 ubuntu sshd[1731]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Sep 1 11:45:15 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user user1, TEMPLATE_USER = admin
Sep 1 11:45:15 ubuntu sshd[1731]: Tacacs_Dev: (getpwnam) user user1 not found locally
Sep 1 11:45:15 ubuntu sshd[1731]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory


ssh user1@<ip>
switch:~$
cat /proc/self/loginuid
4294967295

/etc/nologin has no effect

Logs with local user
===========================

Sep 1 11:55:43 ubuntu sshd[515]: pam_sm_acct_mgmt: unable to get PAM env auth_status
Sep 1 11:55:43 ubuntu sshd[515]: Accepted password for admin from 172.17.0.1 port 58768 ssh2
Sep 1 11:55:43 ubuntu sshd[515]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Sep 1 11:55:43 ubuntu systemd: pam_unix(systemd-user:session): session opened for user admin by (uid=0)
Sep 1 11:55:43 ubuntu sshd[515]: pam_sm_open_session: unable to get PAM env auth_status
Sep 1 11:55:43 ubuntu sshd[515]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Sep 1 11:55:43 ubuntu sshd[515]: Tacacs_Dev: entering getpwnam for user admin, TEMPLATE_USER = admin
Sep 1 11:55:43 ubuntu sshd[515]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory

ssh admin@<ip>
switch:~$
cat /proc/self/loginuid
1003
switch:~$

/etc/nologin prevents non-root users from getting logged in