Install FreeRADIUS
TACACS+ may be installed either from an RPM in a supported distribution's repository or from source.
/etc/yum.repos.d/tacacs.repo
[tacacs-plus]
name=TACACS Plus
baseurl=http://li.nux.ro/download/nux/misc/el7/x86_64/
enabled=1
gpgcheck=1
gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

sudo dnf update
sudo dnf install tac_plus

wget https://shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz
tar xzvf tacacs-F4.0.4.28.tar.gz
cd tacacs-F4.0.4.28
./configure
make
sudo make install
Generate the password hash using tac_pwd
/etc/tac_plus.conf
accounting file = /var/log/tac_plus.acct
key = <key>
acl = default {
    permit = <subnet>
}
user = <username> {
    name = <name>
    member = <group>
    login = des <hash>
}
group = <group> {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}
sudo tac_plus -C /etc/tac_plus.conf
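
An added example, not part of the original page or of tac_plus: a small Python check to run over tac_plus.conf before starting the daemon. It flags blocks left unclosed, cleartext and DES login entries, and default-permit authorization; the sample file and the audit function name are constructed for illustration.

```python
import re

# Constructed sample in the layout of the tac_plus.conf above (placeholder values).
# The user block is deliberately left unclosed, as can happen in a hand-edited file.
SAMPLE_CONF = """\
accounting file = /var/log/tac_plus.acct
key = examplekey
acl = default {
    permit = ^192\\.0\\.2\\.
}
user = alice {
    member = netadmin
    login = cleartext hunter2
group = netadmin {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}
"""

TOP_LEVEL = re.compile(r"^(user|group|acl)\s*=\s*(\S+)\s*\{")

def audit(conf):
    """Return (line_number, message) findings for the text of a tac_plus.conf."""
    findings, depth = [], 0
    for num, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        block = TOP_LEVEL.match(line)
        if block and depth > 0:
            findings.append((num, f"'{block.group(1)} = {block.group(2)}' opens inside another block: missing '}}'"))
            depth = 0  # resynchronise so later blocks are still checked
        if re.match(r"login\s*=\s*cleartext\b", line):
            findings.append((num, "password stored in cleartext"))
        elif re.match(r"login\s*=\s*des\b", line):
            findings.append((num, "DES crypt hash: only the first 8 password characters are used"))
        if re.match(r"default service\s*=\s*permit\b", line):
            findings.append((num, "services not explicitly listed are permitted by default"))
        depth += line.count("{") - line.count("}")
        if depth < 0:
            findings.append((num, "unmatched '}'"))
            depth = 0
    if depth > 0:
        findings.append((len(conf.splitlines()), f"{depth} block(s) still open at end of file"))
    return findings

if __name__ == "__main__":
    for num, message in audit(SAMPLE_CONF):
        print(f"line {num}: {message}")
```
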
Server Profile
tacacs server <server>
 address ipv4 <ip>
 key <key>
 timeout <value>
!
aaa group server tacacs+ <group>
 server name <server>
 ip tacacs source-interface <interface>
!
ip tacacs source-interface <interface>
AAA Profile
aaa new-model
aaa authentication login default local
aaa authentication login <list> group <group> local
aaa authorization exec default if-authenticated
aaa authorization exec <list> group <group> local
aaa authorization network default if-authenticated
aaa authorization commands 15 default local
aaa authorization commands 15 <list> group <group> local
aaa accounting commands 15 <list> start-stop group <group>
VTY Login Profile
line vty 0 4
 authorization commands 15 <list>
 authorization exec <list>
 accounting commands 15 <list>
 login authentication <list>
 transport input ssh