Tacacs Server: Difference between revisions
Latest revision as of 14:44, 19 November 2018
Installing TACACS+ Server in Ubuntu 16.10:
Source: blog.marquis.co
Installing the binaries:
sudo apt-get install tacacs+
To find the location of the configuration file and check whether the process is running:
ps -ef | grep tac_plus
The following programs are important components of TACACS+:
- tac_plus is the TACACS+ daemon. You can run the daemon from the CLI.
- tac_pwd is used to generate a DES or MD5 hash from clear text. DES is the default; to generate an MD5 hash, add the -m flag.
Back up the original file in case of any issues:
sudo cp /etc/tacacs+/tac_plus.conf /etc/tacacs+/tac_plus.conf.old
Create the accounting file:
sudo touch /var/log/tac_plus.acct
Generate the DES password hash from the plain-text password:
aman@ubuntu:~$ tac_pwd
Password to be encrypted: pwd@123
vKW4pcsmfuAv6
Or generate the MD5 hash:
aman@ubuntu:~$ tac_pwd -m
Password to be encrypted: pwd@123
$1$e1$TNezYxFMYdjywwJwefEAv/
Edit the config file to add users, groups & generated passwords:
sudo nano /etc/tacacs+/tac_plus.conf
The file should look similar to the config below:
accounting file = /var/log/tac_plus.acct
# This is the key that clients have to use to access Tacacs+
key = testing123
user = test {
    name = "Test User"
    member = staff
    login = des vKW4pcsmfuAv6
}
user = aman {
    name = "Amandeep Singh"
    member = admin
    login = des vKW4pcsmfuAv6
}
group = admin {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}
group = staff {
    service = exec {
        priv-lvl = 15
    }
    cmd = show { permit .* }
    cmd = write { permit term }
    cmd = dir { permit .* }
    cmd = admin { permit .* }
    cmd = terminal { permit .* }
    cmd = more { permit .* }
    cmd = exit { permit .* }
    cmd = logout { permit .* }
}
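An added example (not from the original page or the tac_plus project): a small Python check over a tac_plus.conf that flags traditional DES crypt hashes, hashes shared between users, and a misspelled priv_lvl attribute. The sample config is constructed in the shape of the one above, and the parser assumes one statement per line with each block's closing brace in column 0.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the config shown on this page.
SAMPLE_CONF = '''
key = testing123
user = test {
    name = "Test User"
    member = staff
    login = des vKW4pcsmfuAv6
}
user = aman {
    name = "Amandeep Singh"
    member = admin
    login = des vKW4pcsmfuAv6
}
group = admin {
    default service = permit
    service = exec { priv_lvl = 15 }
}
'''

# Assumption: closing brace of each user block sits alone in column 0.
USER_RE = re.compile(r'^user\s*=\s*(\S+)\s*\{(.*?)\n\}', re.S | re.M)
LOGIN_RE = re.compile(r'login\s*=\s*des\s+(\S+)')
DES_CRYPT_RE = re.compile(r'[./0-9A-Za-z]{13}')  # 2-char salt + 11-char hash


def audit(conf):
    """Return a sorted list of (subject, finding) tuples for tac_plus.conf text."""
    findings, by_hash = [], defaultdict(list)
    for name, body in USER_RE.findall(conf):
        m = LOGIN_RE.search(body)
        if not m:
            continue
        by_hash[m.group(1)].append(name)
        # Traditional DES crypt only uses the first 8 password characters.
        if DES_CRYPT_RE.fullmatch(m.group(1)):
            findings.append((name, "traditional DES crypt hash"))
    for users in by_hash.values():
        if len(users) > 1:  # identical output implies identical salt too
            findings.append((",".join(sorted(users)), "identical hash: same salt and password"))
    if re.search(r'\bpriv_lvl\b', conf):
        findings.append(("config", "priv_lvl found; the exec attribute is priv-lvl"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONF):
        print(f"{subject}: {finding}")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/tacacs+/tac_plus.conf").read()).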
- References
- Further information about configuration can be found at: routingloops.co.uk