Nested Active directory security groups


Abhiram MB

Nov 11, 2013, 5:03:13 AM
to event-driv...@googlegroups.com
Hi,

I have installed a new tac_plus server and it is all working fine. I am using Active directory authentication and users who are added to the tacacsadmin group in active directory have admin rights.

Now I have a requirement wherein I do not want to add the users directly to the tacacsadmin group. I want to add some of the existing Distribution groups/Security groups in my AD to the tacacsadmin group. My problem is this is not working. Does tacacs allow nested groups in AD? Should it be only security groups or is it security/distribution groups?

I would like to mention that I am very new to both Linux and networking, but I can try any suggestions since this is not a production server.

Marc Huber

Nov 11, 2013, 5:23:45 AM
to event-driv...@googlegroups.com
Hi Abhiram,


On Monday, November 11, 2013 11:03:13 AM UTC+1, Abhiram MB wrote:
> Does tacacs allow nested groups in AD? Should it be only security groups or is it security/distribution groups?

mavis module = external {
   exec = .../mavis_tacplus_ads.pl
   setenv EXPAND_AD_GROUP_MEMBERSHIP = 1
   ...
}

should allow for nested (security) groups. I don't believe that distribution groups would work (IIRC these are equivalent to mailing lists).

Cheers,

Marc
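
An added illustration of the nested-membership question in this thread, not part of either post and not code from mavis_tacplus_ads.pl: it walks memberOf transitively over a constructed directory, tolerates cyclic nesting, and skips groups without the AD security-enabled groupType bit. The DNs, the users alice/bob/carol, the groups netops/loop-a/maillist and the security_only filter are assumptions made for the example.

```python
SECURITY_ENABLED = 0x80000000  # groupType bit set on AD security groups


def dn(name):
    # Constructed DN under a placeholder domain.
    return f"CN={name},DC=example,DC=test"


# Constructed directory: DN -> (groupType, or None for a user; memberOf list)
DIRECTORY = {
    dn("tacacsadmin"): (0x80000002, []),
    dn("netops"): (0x80000002, [dn("tacacsadmin"), dn("loop-a")]),
    dn("loop-a"): (0x80000002, [dn("netops")]),      # cyclic nesting
    dn("maillist"): (0x00000002, [dn("tacacsadmin")]),  # distribution group
    dn("alice"): (None, [dn("netops")]),      # reaches tacacsadmin via netops
    dn("bob"): (None, [dn("maillist")]),      # only via a distribution group
    dn("carol"): (None, [dn("tacacsadmin")]),  # direct member
}


def expand_groups(user_dn, directory, nested=True, security_only=True):
    """Return the set of group DNs the user belongs to.

    nested=False looks at direct memberOf only; nested=True follows
    memberOf of each group as well. security_only (an assumption of this
    example) ignores groups whose groupType lacks SECURITY_ENABLED.
    """
    seen = set()
    queue = list(directory[user_dn][1])
    while queue:
        group = queue.pop()
        if group in seen or group not in directory:
            continue  # already visited (breaks cycles) or unknown DN
        group_type, parents = directory[group]
        if group_type is None:
            continue  # entry is a user, not a group
        if security_only and not (group_type & SECURITY_ENABLED):
            continue  # distribution group: do not count or traverse it
        seen.add(group)
        if nested:
            queue.extend(parents)
    return seen


def is_admin(user, **options):
    return dn("tacacsadmin") in expand_groups(dn(user), DIRECTORY, **options)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "direct:", is_admin(user, nested=False), "nested:", is_admin(user))
```
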



Abhiram MB

Nov 11, 2013, 5:57:10 AM
to event-driv...@googlegroups.com
Hi Marc,

That worked.. Thanks a lot!!!! 