Tacacs Server
Installing TACACS+ Server in Ubuntu 16.10:
Source: blog.marquis.co
Installing the binaries:
sudo apt-get install tacacs+
To find the location of the configuration file and check whether the process is running:
ps -ef | grep tac_plus
The following programs are important components of TACACS+:
- tac_plus is the TACACS+ daemon. You can run the daemon from the CLI.
- tac_pwd generates a DES or MD5 hash from clear text. DES is the default; to generate an MD5 hash, add the -m flag.
Back up the original configuration file in case of any issues:
sudo cp /etc/tacacs+/tac_plus.conf /etc/tacacs+/tac_plus.conf.old
Create the accounting file:
sudo touch /var/log/tac_plus.acct
Generate the DES password hash from the plain-text password:
aman@ubuntu:~$ tac_pwd
Password to be encrypted: pwd@123
vKW4pcsmfuAv6
Or generate the MD5 hash:
aman@ubuntu:~$ tac_pwd -m
Password to be encrypted: pwd@123
$1$e1$TNezYxFMYdjywwJwefEAv/
Edit the config file to add users, groups & generated passwords:
sudo nano /etc/tacacs+/tac_plus.conf
The file should look similar to the config below:
accounting file = /var/log/tac_plus.acct
# This is the key that clients have to use to access Tacacs+
key = testing123
user = test {
    name = "Test User"
    member = staff
    login = des vKW4pcsmfuAv6
}
user = aman {
    name = "Amandeep Singh"
    member = admin
    login = des vKW4pcsmfuAv6
}
# admin: privilege level 15, any service not listed is permitted
group = admin {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}
# staff: privilege level 15, but only the commands listed below are permitted
group = staff {
    service = exec {
        priv-lvl = 15
    }
    cmd = show { permit .* }
    cmd = write { permit term }
    cmd = dir { permit .* }
    cmd = admin { permit .* }
    cmd = terminal { permit .* }
    cmd = more { permit .* }
    cmd = exit { permit .* }
    cmd = logout { permit .* }
}
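A quick way to review a finished tac_plus.conf for weak credential settings, as an added example that is not part of the original page. The function name audit_tac_conf, the MIN_KEY_LEN threshold of 16 and the one-statement-per-line layout are assumptions, and the sample input is constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak credential settings
# in a tac_plus.conf laid out one statement per line (assumed layout).
MIN_KEY_LEN=16   # assumed policy threshold, not a tac_plus requirement

audit_tac_conf() {
    conf=$1
    # The file holds the shared key and password hashes; others should not read it.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "WARN world-readable-config"
    fi
    awk -v min="$MIN_KEY_LEN" '
        # Remember the enclosing block so findings name the user or group.
        $1 == "user" || $1 == "group" { kind = $1; name = $3 }
        $1 == "key" && length($3) < min { print "WARN short-shared-key" }
        # 13-character DES crypt hashes only cover the first 8 password
        # characters; "$1$" marks an MD5 crypt hash (tac_pwd -m).
        $1 == "login" && $3 == "des" {
            if ($4 ~ /^\$1\$/) print "INFO md5-crypt user=" name
            else               print "WARN des-crypt user=" name
        }
        $1 == "login" && $3 == "cleartext" { print "FAIL cleartext user=" name }
        $1 == "default" && $2 == "service" && $4 == "permit" {
            print "WARN default-permit " kind "=" name
        }
    ' "$conf"
}

# Constructed sample based on the config shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
key = testing123
user = test {
    member = staff
    login = des vKW4pcsmfuAv6
}
user = aman {
    member = admin
    login = des $1$e1$TNezYxFMYdjywwJwefEAv/
}
group = admin {
    default service = permit
}
EOF
chmod 644 "$sample"
audit_tac_conf "$sample"
rm -f "$sample"
```

Run it against /etc/tacacs+/tac_plus.conf with sudo after editing; each output line is one finding, prefixed INFO, WARN or FAIL.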
- References
- Further information about configuration can be found at: routingloops.co.uk