/var/net/sys/admin/blog

Installation & Setup of Free Tacacs+ server in Linux
(Tested via GNS3 & VirtualBox)

Software Used:

GNS3 0.8.3.1
-use 3700 IOS as Router & DHCP
-use Ethernet switch to connect hosts
-use VirtualBox guest running on Ubuntu Linux server 12.04.2 LTS

http://shrubbery.net/tac_plus/
ftp://ftp.shrubbery.net/pub/tac_plus

Installation:

1. Log in as root and install the dependencies: TCP wrappers and the compilation tools, e.g. gcc, bison, flex, make

If you’re not sure if these packages are installed, you can use the command:

dpkg -s [packagename]

Sample:

root@freelinux:~# dpkg -s gcc bison flex

Package `gcc’ is not installed and no info is available.

Package `bison’ is not installed and no info is available.

Package `flex’ is not installed and no info is available.

To install:

root@freelinux:~# apt-get install gcc make flex \
 bison libwrap0-dev

2. Download the tacacs+ package from ftp://ftp.shrubbery.net/pub/tac_plus/. It is worth reading the additional information and change notes at http://shrubbery.net/tac_plus/.

Latest version as of this writing is tacacs+-F4.0.4.26

root@freelinux:~# wget \
ftp://ftp.shrubbery.net/pub/tac_plus/tacacs+-F4.0.4.26.tar.gz

3. Uncompress the tarball

root@ubuntu:~# tar zxvf tacacs+-F4.0.4.26.tar.gz

4. Build
Check the INSTALL file first for the installation guide

root@ubuntu:~/tacacs+-F4.0.4.26# less INSTALL
root@ubuntu:~/tacacs+-F4.0.4.26# ./configure

If you missed installing those dependencies, you will receive a message like this:

configure: error: Could not find libwrap. You must first install tcp_wrappers.

So to resolve this, install the necessary packages.

# apt-get install libwrap0-dev

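After ./configure succeeds, build and install as described in the INSTALL file (make, then make install). The install step prints:

Libraries have been installed in: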
/usr/local/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR’
flag during linking and do at least one of the following:
– add LIBDIR to the `LD_LIBRARY_PATH’ environment variable
during execution
– add LIBDIR to the `LD_RUN_PATH’ environment variable
during linking
– use the `-Wl,-rpath -Wl,LIBDIR’ linker flag
– have your system administrator add LIBDIR to `/etc/ld.so.conf’

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.

Configuration:

1. After the install, the binaries are in the default directory, /usr/local/bin/

root@ubuntu:~/tacacs+-F4.0.4.26# ls /usr/local/bin/tac*
/usr/local/bin/tac_plus /usr/local/bin/tac_pwd

2. Read the manual page for the following:

$ man tac_plus
$ man tac_pwd

So basically,
tac_plus – tacacs plus daemon
tac_pwd – generate DES or MD5 encryption of a password

3. Use tac_pwd to hash the clear-text passwords so that the configuration file does not store them in plain text
e.g.
We want to use “password” to log in as the user freelinux and “enablepass” to enter privileged mode

root@freelinux:/etc/tacacs# /usr/local/bin/tac_pwd
Password to be encrypted: password
VUjB99kC2IGws

root@freelinux:/etc/tacacs# /usr/local/bin/tac_pwd
Password to be encrypted: enablepass
HD.Hw0OHKmO/c

4. Set up the config files

a. Create the tacacs directory under /etc

5. Create the tac_plus.conf file

tac_plus.conf setup:
i. set the key

#tacacs key
key = "tackey"

ii. set the user accounts

#user details
#admin freelinuxtutorials@gmail.com
user = freelinux {
default service = permit
member = admingroup
login = des VUjB99kC2IGws
}

iii. set the group details

#group details
# admin group
group = admingroup {
default service = permit
service = exec {
priv-lvl = 15
}
}

iv. set enable password

#Enable password setup for users:
user = $enable$ {
login = des HD.Hw0OHKmO/c
}
Note: This is what it looks like; get it here

v. set the location of the accounting file

accounting file = /var/log/tacacs/tac_plus.log

6. Change the permissions so that only the owner can read the file

# chmod 600 /etc/tacacs/tac_plus.conf
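
An added example, not part of the original tutorial: a small shell audit of the tac_plus.conf built in steps 3 to 6. It flags a file mode other than 600, a short shared key, DES crypt hashes (crypt(3) DES uses only the first 8 characters of a password, so “enablepass” is effectively “enablepa”), cleartext passwords, and default service = permit. The finding labels, the 16-character key threshold and the embedded sample file are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a tac_plus.conf for the settings used in this tutorial.
# Labels, the 16-character key threshold and the spaced "name = value" layout are assumptions.
audit_tac_plus_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    # The file holds the shared key and the hashes: owner-only (600) as in step 6.
    [ -n "$(find "$conf" -prune -perm 600)" ] || echo "PERM file is not mode 600"
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "key" && $2 == "=" {                # shared TACACS+ key
            k = $3; gsub(/"/, "", k)
            if (length(k) < 16) print "KEY line " NR ": key has only " length(k) " characters"
        }
        ($1 == "login" || $1 == "enable") && $3 == "des" {
            # crypt(3) DES uses only the first 8 password characters
            print "DES line " NR ": DES crypt hash"
        }
        ($1 == "login" || $1 == "enable") && $3 == "cleartext" {
            print "CLEARTEXT line " NR ": password stored unhashed"
        }
        $1 == "default" && $2 == "service" && $4 == "permit" {
            print "PERMIT line " NR ": anything not listed is authorized"
        }
    ' "$conf"
}

# Constructed sample: the configuration from the steps above, saved world-readable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#tacacs key
key = "tackey"
user = freelinux {
default service = permit
member = admingroup
login = des VUjB99kC2IGws
}
group = admingroup {
default service = permit
service = exec {
priv-lvl = 15
}
}
user = $enable$ {
login = des HD.Hw0OHKmO/c
}
EOF
chmod 644 "$sample"
audit_tac_plus_conf "$sample"
```

To check the live file, call audit_tac_plus_conf /etc/tacacs/tac_plus.conf as root; no output means none of these findings apply.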

Note: If along the way you encounter an error such as the one below, you need to create the necessary links using ldconfig

tac_plus: error while loading shared libraries: libtacacs.so.1:
cannot open shared object file: No such file or directory

# vi /etc/ld.so.conf

Add /usr/local/lib to /etc/ld.so.conf, then run:

root@freelinux# ldconfig

7. Run the tacacs service

root@freelinux:/etc/tacacs# /etc/init.d/tac_plus start
Starting Tacacs+ server: tac_plus.

The contents of this tac_plus file can be downloaded here

8. Check that the process is running

root@freelinux:/etc/tacacs# netstat -na | grep 49
tcp 0 0 0.0.0.0:49 0.0.0.0:* LISTEN

——————–
Sample Cisco configuration

Configuring Cisco:

Cisco>en
Cisco#conf t
Cisco(config)#service password-encryption
Cisco(config)#tacacs-server host 192.168.56.10
Cisco(config)#tacacs-server directed-request
Cisco(config)#tacacs-server key tackey

Cisco(config)#aaa new-model
Cisco(config)#aaa authentication login default group tacacs+ local
Cisco(config)#aaa authentication enable default group tacacs+ enable
Cisco(config)#aaa authorization commands 1 default group tacacs+ local
Cisco(config)#aaa authorization commands 15 default group tacacs+ local
Cisco(config)#aaa accounting commands 0 default start-stop group tacacs+
Cisco(config)#aaa accounting commands 1 default start-stop group tacacs+
Cisco(config)#aaa accounting commands 7 default start-stop group tacacs+
Cisco(config)#aaa accounting commands 15 default start-stop group tacacs+
Cisco(config)#aaa accounting network 15 start-stop group tacacs+
Cisco(config)#aaa accounting connection 15 start-stop group tacacs+

I will not go deeper into client configuration, as it differs across devices and software from different vendors. What is shown here is just a basic TACACS+ config that is proven to work. Go and explore the more advanced TACACS+ configuration further. Enjoy!


7 Responses to “Installation and Setup of Free Tacacs+ server in Linux”

  1. Jasper

    on June 10 2014

    This tutorial imho would be very useful, if only the link to http://ftp.shrubbery.net would work. When I google tac_plus, every site references the shrubbery.net ftp site; however, it does not work. At best I get a time out.

  2. Free Linux Tutorials

    on July 7 2014

    @Jasper,
    You can try downloading the tac_plus tarball file using an FTP client if it does not work using your browser.
    Latest version as of this moment is tacacs+-F5.0.0a1.tar.gz

    ftp://ftp.shrubbery.net/pub/tac_plus

  3. hassan

    on August 4 2014

    ftp link not working

  4. Installation Setup of Free Tacacs+ server in Linux | Free Linux Tutorials | Mazurland

    on October 10 2014

    […] via Installation Setup of Free Tacacs+ server in Linux | Free Linux Tutorials. […]

  5. Jockerpec

    on February 24 2016

    There might be realized an authentication delegated on another server tacacs if a user was not finding in the list.

  6. Alexey

    on May 24 2016

    Hi, There,
    I found interesting project – tacacsGUI. It is self-hosted front-end UI for tac_plus configuration. My installation was easy, try it. Plus it has some advantages like Backup Maker for auto backup, Subnet searcher for subnets collection etc. Good luck!

