# TACACS+

## Linux

### Prerequisites

Install [FreeRADIUS](technical:radius)

### Install

TACACS+ may be installed either from an RPM in a supported distribution's repository or from source.

* [TACACS Source](https://shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz)
* [TACACS RHEL 7 Repository](http://li.nux.ro/download/nux/misc/el7/x86_64/tac_plus-4.0.4.26-1.el7.nux.x86_64.rpm)

#### CentOS 7 Repository

`/etc/yum.repos.d/tacacs.repo`

```
[tacacs-plus]
name=TACACS Plus
baseurl=http://li.nux.ro/download/nux/misc/el7/x86_64/
enabled=1
gpgcheck=1
gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
```

``` bash
sudo dnf update
sudo dnf install tac_plus
```

#### Source

``` bash
wget https://shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz
tar xzvf tacacs-F4.0.4.28.tar.gz
cd tacacs-F4.0.4.28
./configure
make
sudo make install
```

### Configuration

Generate the password hash using `tac_pwd`.

`/etc/tac_plus.conf`

```
accounting file = /var/log/tac_plus.acct
key =

acl = default {
    permit =
}

user = {
    name =
    member =
    login = des
}

group = {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}
```

### Startup

``` bash
sudo tac_plus -C /etc/tac_plus.conf
```

## Cisco

__Server Profile__

```
tacacs server
 address ipv4
 key
 timeout
!
aaa group server tacacs+
 server name
 ip tacacs source-interface
!
ip tacacs source-interface
```

__AAA Profile__

```
aaa new-model
aaa authentication login default local
aaa authentication login group local
aaa authorization exec default if-authenticated
aaa authorization exec group local
aaa authorization network default if-authenticated
aaa authorization commands 15 default local
aaa authorization commands 15 group local
aaa accounting commands 15 start-stop group
```

__VTY Login Profile__

```
line vty 0 4
 authorization commands 15
 authorization exec
 accounting commands 15
 login authentication
 transport input ssh
```
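
An added example, not part of the original page or the tac_plus project: a small Python check to run over `/etc/tac_plus.conf` before starting the daemon, flagging an empty shared `key`, `login = cleartext` entries and unbalanced braces. The `audit` helper and the sample users, group, password and hash are constructed for illustration.

```python
import re

# Constructed sample in tac_plus.conf layout; all names and secrets are invented.
SAMPLE_CONF = """\
accounting file = /var/log/tac_plus.acct
key =
user = alice {
    login = cleartext Summer2024
}
user = bob {
    login = des Xk3pQ9zLm1a2c
}
group = netadmin {
    default service = permit
    service = exec {
        priv-lvl = 15
"""

def audit(conf_text):
    """Return a list of findings for tac_plus.conf text (hypothetical helper)."""
    findings, depth, user, key_seen = [], 0, None, False
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"key\s*=\s*(.*)", line)
        if depth == 0 and m:
            key_seen = True
            if not m.group(1).strip('"'):
                findings.append(f"line {n}: shared key is empty")
        m = re.match(r"user\s*=\s*(\S+)\s*\{", line)
        if depth == 0 and m:
            user = m.group(1)
        if re.match(r"login\s*=\s*cleartext\b", line):
            findings.append(f"line {n}: user {user or '?'} has a cleartext password")
        # Naive count: a brace inside a quoted string or regex is counted too.
        depth += line.count("{") - line.count("}")
        if depth < 0:
            findings.append(f"line {n}: unmatched '}}'")
            depth = 0
        if depth == 0:
            user = None
    if depth:
        findings.append(f"end of file: {depth} unclosed '{{'")
    if not key_seen:
        findings.append("no global key defined")
    return findings
```

Call `audit()` on the text of the real configuration file; an empty list means none of the three problems was found.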