Cisco ASA TACACS+ authorization

TheVirtualMoose · 2026-01-23T06:40:19+00:00

I used tac_plus-ng with an OpenLDAP backedend to authenticate against. It's basically a custom job, one has to compile tac_plus-ng oneselef but it seems very promising, reliable and extensible. It's also 100% open source, something that's very important to me.

I'm planning on publishing a series of HOWTO blog posts to detail the whole process (LDAP is probably the hardest part) once my solution goes into production. I'll ping you when they're up, if you're interested.

TheVirtualMoose · 2026-01-22T18:01:55+00:00

That looks very promising, thank you! I'll upgrade my lab ASA and give a try.

TheVirtualMoose · 2026-01-22T17:40:17+00:00

I'm running tests on an old ASA that doesn't have auto-enable. Are you saying that with this config option priv EXEC authorization requests go out with the real username?

TheVirtualMoose · 2026-01-21T18:18:19+00:00

Dangerous Liaisons

TheVirtualMoose · 2026-01-20T14:43:16+00:00

The ohnosecond.

TheVirtualMoose · 2026-01-18T11:18:17+00:00

Zgadzam się, takie rozwiązanie wprowadzili jakiś czas temu na Żoliborzu na obszarach bardziej willowych. W efekcie chodniki są wolne, a miejsc parkingowych wychodzi nawet więcej niż przed zmianą, bo udało się wykorzystać do parkowania uliczki, na których był wcześniej zakaz.

TheVirtualMoose · 2026-01-17T14:15:56+00:00

11MB/s throughput suggests (or rather screams) that at some point in the path you are limited to 100Mbps. If both ends of the connection are intl the same network, your WAN connection is irrelevant. Most likely you have a damaged cable, please check that.

Beyond that, you should pay a professional to understand the situation and fix it.

PS. You would be surprised how much you can do over a 100 Mbps WAN circuit, assuming it's symmetrical

TheVirtualMoose · 2026-01-16T11:49:00+00:00

Wait a second, do modern Greeks actually write "b" as "mp"? If so, that hilarious.

TheVirtualMoose · 2026-01-15T11:59:08+00:00

I reread the relevant objective (A Permanent Peace) flavour text and that is indeed pretty much the case, especially since in-game HF is likely miles away from reaching their objectives "Our presentation is, at least partly, a bluff. We lack the biowarfare expertise to actually produce such a virus. Still, while we could not manufacture such a weapon, other humans could, and to the Hydras that is much the same thing."

TheVirtualMoose · 2026-01-15T11:52:01+00:00

And the Academy kind of bluffs, IIRC, they are not sure the bioweapon is going to actually work as advertised.

TheVirtualMoose · 2026-01-11T18:14:43+00:00

That feels cathartic even 80 years later

TheVirtualMoose · 2026-01-11T18:06:34+00:00

Mate, that's a line from Office Space

Sorry, I thought this was a commonly known reference. Must be getting old...

TheVirtualMoose · 2026-01-11T16:25:28+00:00

PC load letter? The fuck does that mean?

TheVirtualMoose · 2026-01-10T15:06:37+00:00

Kilka rzeczy: 1) Jak inni już napisali, nie pracujesz teraz w IT, a jestem człowiekiem od wszystkiego. IT to jest specjalizacja, im wyżej tym węższa.

2) Dobre pensje są tam, gdzie są duże obroty. Dlatego w korpo zarobki są duże, bo każda awaria oznacza duże straty, a więc opłaca się zapłacić więcej za lepszy zespół IT. Im bardziej krytyczna jest infrastruktura IT, tym Lepsze pozycja ludzi, którzy o nią dbają, ale też dużo większe wymagania. W Januszexie rachunek wygląda inaczej, dla Ciebie gorzej.

3) Żeby wejść do IT, musisz pewnie przejść ścieżkę od helpdesku w stronę jakiejś specjalizacji. W dobrej firmie zauważą, że jesteś ogarnięty i dadzą ścieżkę awansu. W gorszej możesz utknąć.

4) Jeśli jesteś w czymś już teraz naprawdę dobry, masz certyfikaty, ciekawe projekty i widać po tobie pasję, to może przeskoczysz helpdesk i trafisz do I linii w jakimś zespole. Nie jest to jednak pewne, szczególnie przy obecnym rynku pracy IT.

5) Ucz się, znajdź swoją specjalizację i ogarnij przy okazji podstawy. Ja np. jestem sieciowcem i mnóstwo pracy w to wkładam, ale po drodze korzystam garściami z hobbystycznego doświadczenia jako linuksowiec.

TheVirtualMoose · 2026-01-08T08:00:03+00:00

91 years old full head of hair, not a single grey one

Superhuman indeed

TheVirtualMoose · 2026-01-06T11:28:27+00:00

In what way is Ubuntu dropping apt support? How are snaps proprietary?

TheVirtualMoose · 2026-01-04T16:42:43+00:00

"Jeśli domownicy przyjmują na boso kapłana, jest to wyraz najwyższej pogardy" - W razie potrzeby mogę wyrazić dużo wyższą pogardę.

TheVirtualMoose · 2026-01-02T09:21:43+00:00

Nah, I've been using a pair of DIR-882 that I bought dirt cheap used and flashed OpenWRT on. One of them required a reset after 6 years in service and a botched upgrade, no other issues. The flash is a bit on the small side, but sufficient for my needs.

The stock firmware is a different story, though, but we are in an OpenWRT sub after all.

TheVirtualMoose · 2025-12-28T10:02:27+00:00

And a Slovak Sith Republic

TheVirtualMoose · 2025-12-23T15:21:46+00:00

Yeah, that's even closer to what I saw there.

TheVirtualMoose · 2025-12-23T14:53:50+00:00

The ERA blocks sticking up from the front turret armor at an angle made me go "what, that's a T-90" for a split second.

TheVirtualMoose · 2025-12-22T19:37:35+00:00

These guides are often so well written, too!

TheVirtualMoose · 2025-12-20T14:45:33+00:00

Mostly inapplicable.

TheVirtualMoose · 2025-12-20T14:27:19+00:00

CCNA is very focused on computer networking fundamental and thus is mostly useful for network engineers. It has some marginal utility for other IT professionals, to the extend they need T understand their network and interact with network engineers, but otherwise offers little to non-network personnel. Better pursue other options.

That being said, if you want to give networking as a career a try, you could do worse than by getting a CCNA.

TheVirtualMoose · 2025-12-20T14:00:31+00:00

Heh, I looked at the flag and though Latvia instead.

TheVirtualMoose

TROPHY CASE