Tacacs Server

From Network Security Wiki


Installing TACACS+ Server in Ubuntu 16.10:

Source: blog.marquis.co

Installing the binaries:

sudo apt-get install tacacs+

To find the location of the configuration file and check whether the process is running:

ps -ef | grep tac_plus  

The following programs are the important components of TACACS+:

  • tac_plus is the TACACS+ daemon. You can run the daemon from the CLI.
  • tac_pwd generates a DES or MD5 hash from clear text. DES is the default; to generate an MD5 hash, add the -m flag.

Back up the original file in case of any issues:

sudo cp /etc/tacacs+/tac_plus.conf /etc/tacacs+/tac_plus.conf.old

Create the accounting file:

sudo touch /var/log/tac_plus.acct

Generate the DES password hash from the plain-text password:

aman@ubuntu:~$ tac_pwd
Password to be encrypted: pwd@123
vKW4pcsmfuAv6

Or generate the MD5 hash:

aman@ubuntu:~$ tac_pwd -m
Password to be encrypted: pwd@123
$1$e1$TNezYxFMYdjywwJwefEAv/

Edit the config file to add users, groups & generated passwords:

sudo nano /etc/tacacs+/tac_plus.conf

The file should look similar to the config below:

accounting file = /var/log/tac_plus.acct

# This is the key that clients have to use to access Tacacs+
key = testing123

user = test {
    name = "Test User"
    member = staff
    login = des vKW4pcsmfuAv6
}

user = aman {
    name = "Amandeep Singh"
    member = admin
    login = des vKW4pcsmfuAv6
}

group = admin {
        default service = permit
        service = exec {
                priv-lvl = 15
                }
        }

group = staff {
        service = exec {
                priv-lvl = 15
                }
        cmd = show {
                permit .*
                }
        cmd = write {
                permit term
                }
        cmd = dir {
                permit .*
                }
        cmd = admin {
                permit .*
                }
        cmd = terminal {
                permit .*
                }
        cmd = more {
                permit .*
                }
        cmd = exit {
                permit .*
                }
        cmd = logout {
                permit .*
                }
}
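
A config like the one above can be checked before the daemon is restarted. The following shell function is an added example, not part of the original wiki page or the tacacs+ package: it flags a world-readable config file, a short shared key, traditional DES crypt hashes, and the exec privilege attribute misspelled as priv_lvl. The 16-character minimum key length, the finding labels and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: static checks on a tac_plus.conf. Not part of the tacacs+ package.
# MIN_KEY_LEN is an assumed policy value, not a tac_plus requirement.
MIN_KEY_LEN=16

audit_tac_conf() {
    conf=$1
    # The file holds the shared key and password hashes: flag world-readable modes.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "WORLD_READABLE: $conf is readable by all local users"
    fi
    awk -v min="$MIN_KEY_LEN" '
        /^[ \t]*#/ { next }                    # skip comment lines
        /^[ \t]*key[ \t]*=/ {                  # shared secret configured on clients
            k = $0; sub(/^[^=]*=[ \t]*/, "", k); gsub(/[ \t]/, "", k)
            if (length(k) < min) print "WEAK_KEY line " NR ": key shorter than " min " characters"
        }
        /login[ \t]*=[ \t]*des[ \t]/ {
            # 13 characters without a "$" prefix is traditional DES crypt,
            # which only uses the first 8 characters of the password.
            # tac_pwd -m output starts with "$1$" and is not flagged here.
            h = $NF
            if (substr(h, 1, 1) != "$" && length(h) == 13) print "DES_HASH line " NR ": traditional DES crypt hash"
        }
        /priv_lvl/ { print "BAD_ATTR line " NR ": use priv-lvl, not priv_lvl" }
    ' "$conf"
}

# Constructed sample input, modelled on the configuration format shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
key = testing123
user = test {
    login = des vKW4pcsmfuAv6
}
user = md5user {
    login = des $1$e1$TNezYxFMYdjywwJwefEAv/
}
group = admin {
    service = exec {
        priv_lvl = 15
    }
}
EOF
chmod 644 "$sample"
audit_tac_conf "$sample"
```

Findings are printed one per line with the config line number; the hash and key values themselves are never echoed.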


