Tacacs Server
Installing TACACS+ Server in Ubuntu 16.10:
Source: blog.marquis.co
Installing the binaries:
sudo apt-get install tacacs+
To find out location of the configuration file and check if the process is running:
ps -ef | grep tac_plus
Below daemons are important components of TACACS:
- tac_plus is the TACACS+ daemon. You can run daemon via the cli
- tac_pwd is used to generate DES or MD5 hash from clear text. DES is the defualt, to generate a MD5 hash, add -m flag.
Back-up the original file in case of any issues:
sudo cp /etc/tacacs+/tac_plus.conf /etc/tacacs+/tac_plus.conf.old
Create the accounting file:
sudo touch /var/log/tac_plus.acct
Generate the DES password key from plain text password:
aman@ubuntu:~$ tac_pwd Password to be encrypted: pwd@123 vKW4pcsmfuAv6
Or Generate the MD5 key:
aman@ubuntu:~$ tac_pwd -m Password to be encrypted: pwd@123 $1$e1$TNezYxFMYdjywwJwefEAv/
Edit the config file to add users, groups & generated passwords:
sudo nano /etc/tacacs+/tac_plus.conf
The file should look similar to below config:
accounting file = /var/log/tac_plus.acct
# This is the key that clients have to use to access Tacacs+
key = testing123
user = test {
name = "Test User"
member = staff
login = des vKW4pcsmfuAv6
}
user = aman {
name = "Amandeep Singh"
member = admin
login = des vKW4pcsmfuAv6
}
group = admin {
default service = permit
service = exec {
priv_lvl = 15
}
}
group = staff {
service = exec {
priv-lvl = 15
}
cmd = show {
permit .*
}
cmd = write {
permit term
}
cmd = dir {
permit .*
}
cmd = admin {
permit .*
}
cmd = terminal {
permit .*
}
cmd = more {
permit .*
}
cmd = exit {
permit .*
}
cmd = logout {
permit .*
}
}
- References
- Further information about configuration can be found at: routingloops.co.uk
{{#widget:DISQUS
|id=networkm
|uniqid=Tacacs Server
|url=https://aman.awiki.org/wiki/Tacacs_Server
}}