Last Updated:
Friday, 27 February 2009 By: Steve Warner



Security

TACACS Plus Server Running on Linux

 


 
Configurations below should work with all

CISCO ROUTER

! --- AAA towards the TACACS+ server ---
! Switch on the AAA subsystem; the "default" method lists below apply to
! every line/VTY that does not name its own list.
aaa new-model
! Methods are tried left to right. IOS moves to the next method only when
! the previous one returns an ERROR (no server answered), never on a FAIL
! (wrong password), so "enable" here is the lost-server fallback, not a
! second chance after a rejected login.
aaa authentication login default tacacs+ enable 
aaa authentication enable default tacacs+ enable
! Per-command authorization at privilege levels 1 and 15 (commands run at
! other levels are not covered by these two lists). The trailing "none"
! means that when no TACACS+ server answers, authorization falls OPEN and
! every command is permitted; dropping "none" (or using "local") is the
! fail-closed alternative if a reachable server is guaranteed.
aaa authorization commands 1 default tacacs+ none
aaa authorization commands 15 default tacacs+ none
! Start/stop accounting records for shells, commands, network and
! connection sessions and system events; on the server side these land in
! the "accounting file" configured in tac_plus.cfg.
aaa accounting exec default start-stop tacacs+
aaa accounting commands 1 default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
aaa accounting network default start-stop tacacs+
aaa accounting connection default start-stop tacacs+
aaa accounting system default start-stop tacacs+

! Address of the tac_plus host and the shared secret that authenticates
! and obfuscates TACACS+ packets. It must match the "key =" line in
! tac_plus.cfg and is visible in the running-config, so treat it as a
! credential; the packet obfuscation is not strong encryption, so keep the
! router-to-server path on a management network. Example values only.
tacacs-server host 172.16.0.1
tacacs-server key bdsltd
! "enable secret" is stored as a one-way hash (unlike "enable password").
! It is consulted only when no TACACS+ server answers (see the enable
! method list above); the server-side enable password is the $enab15$
! entry in tac_plus.cfg. Example value only.
enable secret spicegirls


For Local Authentication 

! Same method list with "local" as the lost-server fallback: the local
! user below is consulted only when no TACACS+ server answers.
aaa authentication login default tacacs+ local
! "username ... password" keeps the password in cleartext (or reversible
! type 7 with "service password-encryption"); "username bill secret <pw>"
! stores a hash instead. Example credentials only.
username bill password ben


LINUX


The files below are from:
tac_plus-F4.0.3.alpha-5.i386.rpm
tac_plus-F4.0.3.alpha-6.i386.rpm
tac_plus-F4.0.3.alpha-7.i386.rpm
tac_plus-F4.0.3.alpha-7 src

/etc/tacacs/tac_plus.cfg

# Shared secret; must match "tacacs-server key" on the router. This file
# holds credentials (see the cleartext logins below), so keep it readable
# by the daemon only (e.g. root-owned, mode 0600).
key = bdsltd

# Use the /etc/shadow file to do authentication for any user whose profile
# does not set its own "login =".
# NOTE(review): reading /etc/shadow needs root (or shadow-group) access
# for the tac_plus process — confirm how the daemon is started.

default authentication = file /etc/shadow

# Where the accounting records are to go (fed by the router's
# "aaa accounting ... tacacs+" lines).

accounting file = /var/log/tac_acc.log

# Profile for enable access, username is $enab15$. Used to be $enable$.
# The password is stored in cleartext here; tac_plus also accepts
# "login = des <crypt hash>" so the file need not hold the plaintext.

user = $enab15$ {
    login = cleartext "spicegirls"
}

# Profiles for user accounts

# "default service = permit": every service and command not listed in the
# profile is allowed, i.e. full command access. Password is checked
# against /etc/shadow.
user = bill {
    default service = permit
    login = file /etc/shadow
}

# No "default service" line, so the built-in default (deny) applies and
# only the commands listed are authorized. The permit arguments are
# regular expressions, not shell globs: "interface*" means "interfac"
# followed by zero or more "e", which also covers "interface".
# NOTE(review): confirm whether the match is anchored in the tac_plus
# version in use; an unanchored match accepts the pattern anywhere in
# the argument string.
user = idiot {
    login = cleartext ohno
    cmd = show {
             permit "interface*"
             permit "ip interface*"
    }
    cmd = ping {
             permit .*
    }
    cmd = traceroute {
             permit .*
    }
}

# Profile for script altering config on router
# Limited to "configure terminal", "interface Dialer 1" and the dialer/ppp
# settings below; anything else is denied by the default. The script's
# password is also stored in cleartext (see the $enab15$ note).

user = script {
    login = cleartext passwd
    cmd = configure {
             permit "terminal"
    }

    cmd = interface { permit "Dialer 1" }
    cmd = description { permit .* }
    cmd = dialer {
             permit "string"
             permit "load-threshold"
    }

    cmd = ppp {
             permit "pap sent-username"
             permit "multilink"
    }

    cmd = no {
             permit "dialer string"
             permit "dialer load-threshold"
             permit "ppp pap sent-username"
             permit "ppp multilink"
    }

    # "." is a regex matching any single character, so in practice any
    # argument to "write" is accepted (same effect as the ".*" used above).
    cmd = write { permit . }
}

 

 
