Cacti - TACACS+ Authentication

Anything that you think should be in Cacti.

Moderators: Developers, Moderators

msw1970
Cacti User
Posts: 206
Joined: Tue Jan 09, 2007 8:28 am
Location: London, UK

Cacti - TACACS+ Authentication

Post by msw1970 »

Has anyone considered extending the current authentication methods to include TACACS+ Authentication for users. Currently we heavily use TACACS+ to control access onto our switches... It would be great to be able to extend the group structure we have within our TACACS+ server to control who can do what and which graphs they have the rights to see.
User avatar
rony
Developer/Forum Admin
Posts: 6022
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA
Contact:

Post by rony »

If you use the Web Basic authentication in Cacti and then setup Apache to use Radius authentication for your Cacti directory, you should get the desired effect.
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
User avatar
TheWitness
Developer
Posts: 17007
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

In the latest PIA, you can define your own authentication methods. I can send you reference code. That way you can write a tacacs_auth plugin that provides your authentication services.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
zuessi
Posts: 30
Joined: Mon Sep 13, 2004 3:06 pm
Location: Switzerland

Post by zuessi »

I would be very interested of such an integration!

Thanks for your great work
Zuessi
jfarese
Posts: 31
Joined: Wed Dec 06, 2006 8:45 am

Post by jfarese »

are you using ACS as the backend server.. if so use authxradius in apache with web basic auth and have it authenticate against the radius side of the ACS server.. This is how we do it and it works great.
User avatar
TheWitness
Developer
Posts: 17007
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

I think the apache mod should be enough. So you concur, or would you still ike the guidance?

Regards,

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
msw1970
Cacti User
Posts: 206
Joined: Tue Jan 09, 2007 8:28 am
Location: London, UK

Post by msw1970 »

TheWitness wrote:I think the apache mod should be enough. So you concur, or would you still ike the guidance?

Regards,

TheWitness
I'm going to give the apache mod a try and see if that works. I'm currently in the process of building a new server for Cacti as the one I've got it on is starting to chugg... It's only got 512Mb ram and I've now got approx 700 devices and 4,500 data sources on it, so I'll try it on that when I've got it working....

Takes a while to get a server setup though once you've jumped through all the hoops our security department insist on!!!
User avatar
TheWitness
Developer
Posts: 17007
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

You need more RAM. Do a "du -sk /var/www/htm/cacti/rra". You need at least 500mb more than it reports to realy get Cacti to scream.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
msw1970
Cacti User
Posts: 206
Joined: Tue Jan 09, 2007 8:28 am
Location: London, UK

Post by msw1970 »

TheWitness wrote:You need more RAM. Do a "du -sk /var/www/htm/cacti/rra". You need at least 500mb more than it reports to realy get Cacti to scream.

TheWitness
New server's gonna be a virtual server with 2 CPU's and 2Gb ram so should be enough!!
sansk115
Posts: 14
Joined: Thu Jul 24, 2008 5:08 am

I need the code for RADIUS Plugin

Post by sansk115 »

All experts in RADIUS mode, I really novice for cacti but really want to authen cacti with external RADIUS server. Could some of experts provide me the guidline for implement it.


THanks in advance
User avatar
claymen
Cacti User
Posts: 259
Joined: Mon Aug 18, 2008 4:30 am
Location: Australia
Contact:

Post by claymen »

TheWitness wrote:In the latest PIA, you can define your own authentication methods. I can send you reference code. That way you can write a tacacs_auth plugin that provides your authentication services.

TheWitness
Hey mate, can you send some of that info and reference code my way. I may need to look at building a custom auth module to accomplish the auth setup I want. Any help would be greatly appreciated.
User avatar
TheWitness
Developer
Posts: 17007
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

Sent you a PM.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
ponwude
Posts: 4
Joined: Sat Oct 03, 2009 2:17 am

Cacti Radius Authentication

Post by ponwude »

Hi All,

I am new to this forum.... I have being trying for a while now to use Cisco ACS for Authentication in cacti. i have compiled and installed mod_auth_xradius for apache and it prompts me for a username and password but it never authenticates.

Any help would be greatly appreciated.

Paul
User avatar
TheWitness
Developer
Posts: 17007
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

You may have to turn up logging with the module to get at the root of this problem. The issue is not with Cacti, but with the Radius module. Could be SSH related, or certificate related. Definately configuration. Good luck with it. Once you have the password validation working, the Cacti will simply go along for the ride.

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Seiya
Posts: 1
Joined: Fri Jan 05, 2007 8:36 am

Post by Seiya »

Hello,

I have set up the mod_auth_radius (freeradius) on apache, modified the httpd.conf and all accordingly and it works fine :)
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests