tac_plus-ng welcome banner has multi-lines ,how to set

[Event-Driven Servers]

Hello Every one, 

i am new comer of tac_plus-ng, for the fresh setting of the conf, but if the welcome banner text was multi-lines, how can i set. like below:

welcome banner = "Welcome to TACACS \n
--------------------------------------------------
                W A R N I N G
--------------------------------------------------
Unauthorized access prohibited
Authorized access only
This system is the property of COMPANY
if need help Contact NE|NA .\n"

but it show the fatal error

0814: etc/mavis/sample/tac_plus-ng.cfg:126: Expected 'address', 'anonymous-enable', 'augmented-enable', 'authentication', 'bug', 'connection', 'context', 'debug', 'device', 'enable', 'host', 'key', 'motd', 'pap', 'parent', 'permit', 'reject', 'rewrite', 'script', 'single-connection' or 'welcome', but got '-------------------------------------------------"'

and one more question, in the tac_plus-ng,  there is no "failed authentication banner", is there some message type that can support the same function? thanks. 

[Marc Huber]

Hi,

multi-line banners work just fine for me (and that includes the sample welcome banner you've posted). Please provide a minimal configuration file that lets me reproduce this issue.

Regarding the "failed authentication banner": That's no longer available, but I consider re-adding it.

Cheers,

Marc

--
You received this message because you are subscribed to the Google Groups "Event-Driven Servers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to event-driven-ser...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/event-driven-servers/a6f8b0ad-8038-4779-890f-4600aba6c662n%40googlegroups.com.

[cmin...@gmail.com]

hi  Marc

there is my tac_plus-ng version：Version 55628788379769f0b4b566965ae265f87f75c09e

attachment is my tac_plus-ng config file. 

[cmin...@gmail.com]

Hi Marc,

I re-pull from git and then the multi-line banner is normal for now. thanks for your help.

[Marc Huber]

Hi,

that priv level is taken from the first packet of the TACACS+ authentication session, it's unrelated to authorization at this point.

Cheers,

Marc

On 20.09.2023 10:07, cmin...@gmail.com wrote:

Hi Marc,

I also re-pull from git, the tac_plus-ng is the newest version.

 tac_plus-ng version is : Version 5c50a05e870236ec72ba783de51bdab67bd27007

I am so sorry,  I can not programming. so I always need to trouble yours in this group if I cannot find any useful with Google.  I added the "failed authentication banner"  in the config file, but I cannot see the banner when the command author failed. i can see the debug information and show the command was denied exec, but the fail banner does not show to me. There is nothing shown when the command is denied.

and I find that when I log in on Cisco ios and log in successfully, always shows my privilege is level 1, neither user in the admin group nor other groups.

like i posted config file, 

here is Cisco ios show banner: multi-line welcome banner works.

+++++++++++++++++++++++++++++
Welcome, you're coming f
                                                rom 10.0.0.13
Username: hely.chen
Password:
Your privilege level is 1    <<<< always show that tips. how does this show the corrected privilege level?


r1#show privilege
Current privilege level is 15
r1#

++++++++++++++++++++++++++

To view this discussion on the web visit https://groups.google.com/d/msgid/event-driven-servers/5e2f98c0-6462-47ba-a817-bf865b71c5ddn%40googlegroups.com.

[cmin...@gmail.com]

Hi Marc

thank you very much, now the tac_plus-ng is working for me.