technical:tacacs

Differences

This shows you the differences between two versions of the page.

technical:tacacs [2022/09/26 13:25] jctechnical:tacacs [2022/10/03 08:43] (current) jc
Line 3: Line 3:
 ## Linux ## Linux
 ### Prerequisites ### Prerequisites
-Install FreeRADIUS a+Install [FreeRADIUS](technical:radius)
 ### Install ### Install
  
-Add TACACS repository to your distribution or install from source.+TACACS+ may either be installed using an RPM and a supported distribution's repository or from source.
  
-* [TACACS Source](https://shrubbery.net/pub/tac_plus/https://shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz)+* [TACACS Source](https://shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz)
 * [TACACS RHEL 7 Repository](http://li.nux.ro/download/nux/misc/el7/x86_64/tac_plus-4.0.4.26-1.el7.nux.x86_64.rpm) * [TACACS RHEL 7 Repository](http://li.nux.ro/download/nux/misc/el7/x86_64/tac_plus-4.0.4.26-1.el7.nux.x86_64.rpm)
  
 +#### CentOS 7 Repository
 +
 +/etc/yum.repos.d/tacacs.repo
 ``` ```
 [tacacs-plus] [tacacs-plus]
 name=TACACS Plus name=TACACS Plus
-baseurl=http://li.nux.ro/download/nux/misc/el6/x86_64/+baseurl=http://li.nux.ro/download/nux/misc/el7/x86_64/
 enabled=1 enabled=1
 gpgcheck=1 gpgcheck=1
 gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
 +```
 +
 +``` bash
 +sudo dnf update
 +sudo dnf install tac_plus
 +```
 +#### Source
 +``` bash
 +wget https://shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz
 +tar xzvf tacacs-F4.0.4.28.tar.gz
 +cd tacacs-F4.0.4.28
 +./configure
 +make
 +sudo make install
 ``` ```
 ### Configuration ### Configuration
 +
 +Generate passwd hash using `tac_pwd`
 +
 +/etc/tac_plus.conf
 +```
 +accounting file = /var/log/tac_plus.acct
 +key = <key>
 +
 +acl = default {
 +  permit = <subnet>
 +  
 +user = <username> {
 +  name = <name>
 +  member = <group>
 +  login = des <hash>
 +
 +group = <group> {
 + default service = permit
 + service = exec {
 + priv-lvl = 15
 + }
 + }
 +```
 +
 ### Startup ### Startup
 +
 +``` bash
 +sudo tac_plus -C /etc/tac_plus.conf
 +```
 +
 ## Cisco ## Cisco
 __Server Profile__ __Server Profile__
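Review bot: The added /etc/tac_plus.conf block has unbalanced braces: `acl = default {` and `user = <username> {` are opened and never closed, while the `group = <group> {` stanza is closed twice, so as written the user and group definitions nest inside the acl instead of standing as three separate stanzas. Close the acl after `permit = <subnet>`, close the user after `login = des <hash>`, and drop the extra `}` at the end of the group. Two smaller points in the same hunk: `login = des <hash>` stores a DES crypt hash, which only uses the first eight characters of the password, and the page should say so next to the `tac_pwd` step; and the new heading says CentOS 7 while the install commands use `dnf` (CentOS 7 ships `yum` by default), with the repo file fetching both the packages and the `gpgkey` over plain `http://`, so `gpgcheck=1` ends up trusting a key that was itself retrieved without integrity protection.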
Line 39: Line 85:
 __AAA Profile__ __AAA Profile__
 ``` ```
 +aaa new-model
 aaa authentication login default local aaa authentication login default local
 aaa authentication login <list> group <group> local aaa authentication login <list> group <group> local
-aaa authorization exec default local  +aaa authorization exec default if-authenticated 
-aaa authorization exec <list> group <group> local +aaa authorization exec <list> group <group> local 
 +aaa authorization network default if-authenticated
 aaa authorization commands 15 default local  aaa authorization commands 15 default local 
 aaa authorization commands 15 <list> group <group> local  aaa authorization commands 15 <list> group <group> local 
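Review bot: Changing the default exec list from `local` to `if-authenticated` (and adding `aaa authorization network default if-authenticated`) means any session that passes authentication is authorized without the TACACS+ group or the local database being consulted, and since the default login list above is `local`, that applies to every local account on every line that does not name `<list>`. If the intent is a fallback for when the TACACS+ server is unreachable, place it after the server group, for example `aaa authorization exec default group <group> if-authenticated`, and state the reason for the change in the page text, since the revision carries no edit summary explaining it.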
technical/tacacs.1664213116.txt.gz · Last modified: 2022/09/26 13:25 by jc