Tacacs Server

Installing TACACS+ Server in Ubuntu 16.10:

Source: blog.marquis.co

Installing the binaries: sudo apt-get install freeradius

To find out location of the configuration file and cheack if the process is running: ps -ef | grep tac_plus

Below daemons are important components of TACACS:
 * tac_plus is the TACACS+ daemon. You can run daemon via the cli
 * tac_pwd is used to generate DES or MD5 hash from clear text. DES is the defualt, to generate a MD5 hash, add -m flag.

Back-up the original file in case of any issues: sudo cp /etc/tacacs+/tac_plus.conf /etc/tacacs+/tac_plus.conf.old

Create the accounting file: sudo touch /var/log/tac_plus.acct

Generate the DES password key from plain text password: aman@ubuntu:~$ tac_pwd Password to be encrypted: pwd@123 vKW4pcsmfuAv6

Or Generate the MD5 key: aman@ubuntu:~$ tac_pwd -m Password to be encrypted: pwd@123 $1$e1$TNezYxFMYdjywwJwefEAv/

Edit the config file to add users, groups & generated passwords: sudo nano /etc/tacacs+/tac_plus.conf

The file should look similar to below config: accounting file = /var/log/tac_plus.acct

key = testing123
 * 1) This is the key that clients have to use to access Tacacs+

user = test { name = "Test User" member = staff login = des vKW4pcsmfuAv6 }

user = aman { name = "Amandeep Singh" member = admin login = des vKW4pcsmfuAv6 }

group = admin { default service = permit service = exec { priv_lvl = 15 }       }

group = staff { service = exec { priv-lvl = 15 }       cmd = show { permit .* }       cmd = write { permit term }       cmd = dir { permit .* }       cmd = admin { permit .* }       cmd = terminal { permit .* }       cmd = more { permit .* }       cmd = exit { permit .* }       cmd = logout { permit .* } }


 * References