TACACS PLUS SERVER RUNNING ON LINUX


Configurations below should work with all

CISCO ROUTER

aaa new-model
aaa authentication login default tacacs+ enable 
aaa authentication enable default tacacs+ enable
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
aaa accounting exec default start-stop tacacs+
aaa accounting commands 1 default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
aaa accounting network default start-stop tacacs+
aaa accounting connection default start-stop tacacs+
aaa accounting system default start-stop tacacs+

tacacs-server host 172.16.0.1
tacacs-server key bdsltd
enable secret spicegirls


For Local Authentication 

aaa authentication login default tacacs+ local
username bill password ben


LINUX


Files below are from:
tac_plus-F4.0.3.alpha-5.i386.rpm
tac_plus-F4.0.3.alpha-6.i386.rpm
tac_plus-F4.0.3.alpha-7.i386.rpm
tac_plus-F4.0.3.alpha-7 src

/etc/tacacs/tac_plus.cfg

key = bdsltd

# Use /etc/shadow file to do authentication
default authentication = file /etc/shadow

# Where the accounting records go
accounting file = /var/log/tac_acc.log

# Profile for enable access, username is $enab15$. Used to be $enable$
user = $enab15$ {
    login = cleartext "spicegirls"
}

# Profiles for user accounts
user = bill {
    default service = permit
    login = file /etc/shadow
}

user = idiot {
    login = cleartext ohno
    cmd = show {
        permit "interface*"
        permit "ip interface*"
    }
    cmd = ping {
        permit .*
    }
    cmd = traceroute {
        permit .*
    }
}

# Profile for script altering config on router
user = script {
    login = cleartext passwd
    cmd = configure {
        permit "terminal"
    }
    cmd = interface {
        permit "Dialer 1"
    }
    cmd = description {
        permit .*
    }
    cmd = dialer {
        permit "string"
        permit "load-threshold"
    }
    cmd = ppp {
        permit "pap sent-username"
        permit "multilink"
    }
    cmd = no {
        permit "dialer string"
        permit "dialer load-threshold"
        permit "ppp pap sent-username"
        permit "ppp multilink"
    }
    cmd = write {
        permit .
    }
}
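
A quick review pass over a tac_plus.cfg like the one above, as an added example (not part of the original page or of tac_plus): it lists users whose password sits in the file in cleartext, users with "default service = permit", and commands whose arguments are unrestricted. The function name, the sample config and its placeholder secrets are constructed for illustration, and the parser assumes one directive per line.

```python
import re

# Constructed sample in the tac_plus.cfg syntax shown on this page;
# every secret is a placeholder.
SAMPLE_CFG = """
key = EXAMPLE-KEY
user = $enab15$ {
    login = cleartext "EXAMPLE-ENABLE"
}
user = bill {
    default service = permit
    login = file /etc/shadow
}
user = idiot {
    login = cleartext EXAMPLE-PW
    cmd = show {
        permit "interface*"
    }
    cmd = ping {
        permit .*
    }
}
"""

def audit(cfg_text):
    """Return (user, finding) tuples for settings worth a second look."""
    findings, user, cmd = [], None, None
    for raw in cfg_text.splitlines():
        # Assumption: '#' always starts a comment (no '#' inside values).
        line = raw.split("#", 1)[0].strip()
        if m := re.match(r"user\s*=\s*(\S+)\s*\{", line):
            user = m.group(1)
        elif m := re.match(r"cmd\s*=\s*(\S+)\s*\{", line):
            cmd = m.group(1)
        elif line == "}":
            # Close the innermost open block: cmd first, then user.
            if cmd:
                cmd = None
            else:
                user = None
        elif user and cmd is None and re.match(r"login\s*=\s*cleartext\b", line):
            findings.append((user, "password stored in cleartext"))
        elif user and cmd is None and re.match(r"default\s+service\s*=\s*permit\b", line):
            findings.append((user, "default service = permit"))
        elif cmd and re.match(r'permit\s+"?\.\*"?$', line):
            findings.append((user, f"cmd {cmd}: any arguments permitted"))
    return findings

if __name__ == "__main__":
    for who, what in audit(SAMPLE_CFG):
        print(f"{who}: {what}")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/tacacs/tac_plus.cfg").read()).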

 

 

Last Updated 28 January 2001



Copyright 1997 - 2005 Business Direct Services Limited. All other trade marks acknowledged.