
Linux TACACS+ Server 安裝

安裝TACACS+

Ubuntu 18

# Ubuntu 18: install the distribution's tacacs+ package (run as root).
# NOTE(review): the packaged daemon may be a different tac_plus implementation
# from the one built from source further down, in which case the sample
# tac_plus.cfg on this page would not apply to it — verify before reusing it.
apt-get install tacacs+

Ubuntu 20 以後已棄用 tacacs+ 軟件包,需下載檔案自行編譯

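# Build and install tac_plus from the upstream source bundle. Run as root.
apt-get update
cd ~

# NOTE(review): the archive is fetched over plain HTTP and this page gives no
# checksum or signature, so nothing authenticates the code before it is built
# and installed as root. Prefer an HTTPS source if the project offers one, and
# compare the digest printed below with a value obtained over a trusted channel.
wget http://www.pro-bono-publico.de/projects/src/DEVEL.tar.bz2
sha256sum DEVEL.tar.bz2

# Unpack the bzip2-compressed tarball (keeping file permissions) and build.
tar -xjvpf DEVEL.tar.bz2
cd PROJECTS
# Install only if the build succeeded.
make && make install

# Log directories. -p makes the step safe to re-run.
mkdir -p /var/log/tac_plus/access \
         /var/log/tac_plus/accounting \
         /var/log/tac_plus/authentication
# The logs hold authentication and accounting records, so keep them away from
# unprivileged local users. Assumes the daemon writes its logs as root; adjust
# ownership if it runs under another account.
chmod 0750 /var/log/tac_plus

# Install the bundled init script as an executable service script.
install -m 0755 tac_plus/extra/etc_init.d_tac_plus /etc/init.d/tac_plus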

DEVEL.tar.bz2

設定tac_plus

sample設定檔 /usr/local/etc/mavis/sample/tac_plus.cfg

新建設定檔於/usr/local/etc/tac_plus.cfg

#!/usr/local/sbin/tac_plus
# Listener section: accept TACACS+ connections on port 49.
id = spawnd {
    listen = { port = 49 }
}
# Daemon section: logging, authentication backend, clients, groups and users.
id = tac_plus {
    # Log files
    # All three are written directly under /var/log/tac_plus. They record
    # authentication, authorization and accounting activity, so restrict read
    # access to that directory to administrators.
    authentication log = /var/log/tac_plus/authentication.log
    accounting log = /var/log/tac_plus/accounting.log
    authorization log = /var/log/tac_plus/authorization.log
    retire limit = 3000
    # Define external authentication module
    # The helper script named in exec is run by the daemon; keep it and its
    # directory writable by root only.
    mavis module = external {
        exec = /usr/local/lib/mavis/mavis_tacplus_passwd.pl
    }
    # Authentication backend
    login backend = mavis
    # Default host for all connections
    # NOTE(review): 0.0.0.0/0 matches every IPv4 source address, and "test" is
    # only a sample shared secret. Before production use, list just the
    # addresses of the network devices that should use this server and give
    # them a long random key; the key is what protects the TACACS+ exchange
    # between device and server.
    host = 0.0.0.0/0 {
        key = "test"
    }
    # Members of this group are permitted every service, every shell command
    # and attribute, at privilege level 15. Grant membership sparingly.
    group = admin {
                default service = permit
                service = shell {
                        default command = permit
                        default attribute = permit
                        set priv-lvl = 15
                }
        }
    # Sample administrator account.
    user = jason {
                # Replace the placeholder on the next line with the hash
                # printed by the openssl passwd command shown on this page;
                # never put a cleartext password here.
                # NOTE(review): the -crypt scheme is traditional DES crypt,
                # which only uses the first 8 characters of the password.
                # Check whether this tac_plus build accepts a stronger
                # crypt(3) hash format.
                password = crypt <加密密碼>
                member = admin
                # Junos logins: presumably maps this user to a local account
                # named SUPER on the Juniper device — confirm it exists there
                # and which rights it carries.
                service = junos-exec {
                    set local-user-name =  SUPER
               }
        }
}

加密密碼

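# Generate the crypt hash for the "password = crypt ..." entry in tac_plus.cfg.
# With no password argument, openssl prompts for it, so the cleartext does not
# end up in shell history or in the process list.
# NOTE(review): -crypt is the traditional DES crypt scheme (only the first 8
# characters of the password count) and newer OpenSSL releases no longer
# offer it. Confirm whether your tac_plus build accepts a stronger crypt(3)
# hash, such as the output of `openssl passwd -6`.
openssl passwd -crypt

# Start tac_plus at boot, restart it to load the new config, then check that
# it is running.
systemctl enable tac_plus
systemctl restart tac_plus
systemctl status tac_plus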