Open Source Tacacs Server Linux

This guide will walk you through the setup of a Linux-based TACACS+ authentication server, using Ubuntu 18.04 (tested on Ubuntu 16.04 as well), that authenticates against a Windows Active Directory LDAP(S). This guide assumes that you are familiar with installing and configuring an Ubuntu Server and can deploy or have already deployed a Windows. Tacplus is a TACACS+ daemon for Linux that is based on the original Cisco TACACS+ source code. Security is paramount to any organization, so hardening the organization’s networking devices adds a layer to the organization’s security. A security enthusiast once told me that security is. I have a customer who controls access to the internet via a TACACS server; basically, a PIX firewall uses authentication from the TACACS to say if traffic is allowed to pass out of the gateway. I can't find anything on how to configure a Linux client of TACACS authentication, only how to set up a Linux TACACS server. Although TACACS+ was developed by Cisco Systems, it is actually an open standard as defined by RFC1482 and has been incorporated into a number of different vendors including Alcatel/Lucent, Arbor, Brocade/Foundry, Cisco/Linksys, Extreme, HP/3Com, Huawei, IBM, Juniper/Netscreen, Netgear and many others.


Tacacs Plus is an identity management solution with a protocol for AAA services: authentication, authorization and accounting. It is used for centralized authentication and identity access management for network devices. It is a security protocol that can provide specific authorization and centralized access for a particular user to work with network devices.

With accounting, it provides mandatory audit logs or event log monitoring by logging all actions executed by privileged users.

In this article on how to install the Tacacs+ identity and access management solution, it is presumed that:

a. You already have a RHEL/CentOS 7 Linux dedicated server installed, up and running. In case you don’t, you would probably like to read this link: Minimal RHEL/CentOS 7 Installation With Logical Volume Manager (LVM).
b. You have already done the initial server setup. Please refer to this link: Minimal RHEL/CentOS 7 Initial Server Setup.

First of all, we need to create a new Yum repository file from which we can grab the tac_plus package, the Tacacs+ identity management solution, so that we don’t need to compile the source code.

# cd /etc/yum.repos.d/
# vim tacacs-plus.repo

[tacacs-plus]
name=Tacacs Plus
baseurl=http://li.nux.ro/download/nux/misc/el6/x86_64/
enabled=0
gpgcheck=1
gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

Now we can install the tac_plus package by using the following command.

# yum --enablerepo=tacacs-plus install tac_plus

Below is the configuration requirement. There are two groups. The first group is “netadmins”, with full privileges on the network devices, and the second group is “guestusers”, whose members have centralized access to execute the show command to view the configuration but are not able to make any changes on the network devices.

Authentication                  Authorization Commands   Accounting
Group Name      Group Member
netadmins       tom             Full privileges          /var/log/tac.acct
                jerry
guestusers      noc             show
                                exit
                                end

Before editing the Tacacs+ identity management solution configuration file to meet the above requirement, let's create the users on the Linux system and set a password for each of them first.

# useradd tom
# passwd tom

# useradd jerry
# passwd jerry

# useradd noc
# passwd noc

We can now edit the Tacacs Plus identity management solution configuration file as follows.

# vim /etc/tac_plus.conf

key = "[email protected]"
accounting file = /var/log/tac.acct

## Groups Definition ##
# netadmins: every service and command is permitted
group = netadmins {
    default service = permit
    login = PAM
    service = exec {
        priv-lvl = 15
    }
}

# guestusers: everything is denied except the commands listed below
group = guestusers {
    default service = deny
    login = PAM
    service = exec {
        priv-lvl = 15
    }
    cmd = show {
        permit .*
    }
    cmd = exit {
        permit .*
    }
    cmd = quit {
        permit .*
    }
    cmd = end {
        permit .*
    }
}

## Users Definition ##
user = tom {
    member = netadmins
}
user = jerry {
    member = netadmins
}
user = noc {
    member = guestusers
}
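
An added example, not part of the original article or of the tac_plus project: a small Python check that parses the group/user layout shown above and reports each user's effective default service and permitted commands, so the result can be compared with the requirement table before the file is deployed. The names `effective_policy` and `read_only_violations` are hypothetical, the sample text is constructed, and the parser assumes one statement per line with privileges inherited only through `member`.

```python
import re

# Constructed sample in the layout of the page's tac_plus.conf (key/accounting lines omitted).
SAMPLE_CONF = """
group = netadmins {
  default service = permit
}
group = guestusers {
  default service = deny
  service = exec {
    priv-lvl = 15
  }
  cmd = show {
    permit .*
  }
}
user = noc {
  member = guestusers
}
"""
BLOCK = re.compile(r"(group|user|cmd|service)\s*=\s*(\S+)\s*\{$")

def effective_policy(conf):
    """Map each user to (default service, permitted cmds), inherited from its group."""
    found, stack, top, cmd = {"group": {}, "user": {}}, [], None, None
    for line in (raw.split("#")[0].strip() for raw in conf.splitlines()):
        m = BLOCK.match(line)
        if m:  # opening of a group/user/cmd/service block
            stack.append(m[1])
            if m[1] in found:  # no "default service" line means deny
                top = found[m[1]].setdefault(m[2], {"default": "deny", "cmds": set()})
            cmd = m[2] if m[1] == "cmd" else None
        elif line == "}" and stack:
            stack.pop()
            top, cmd = (top if stack else None), None
        elif top is not None and cmd and line.startswith("permit"):
            top["cmds"].add(cmd)
        elif top is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            if key in ("default service", "member"):
                top[key.split()[0]] = val  # stored as "default" / "member"
    users = {n: found["group"].get(u.get("member"), u) for n, u in found["user"].items()}
    return {n: (s["default"], sorted(s["cmds"])) for n, s in users.items()}

def read_only_violations(policy, user, allowed=("end", "exit", "quit", "show")):
    """List what gives a supposedly read-only user more than the allowed commands."""
    default, cmds = policy[user]
    broad = ["default service = permit"] if default == "permit" else []
    return broad + [c for c in cmds if c not in allowed]
```

An empty list from `read_only_violations` means the account matches the read-only requirement; anything else names the setting or command that widens it.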

Finally, we need to start the tac_plus service, which is the service of the Tacacs+ identity management solution, and enable it to start after a system reboot.

# systemctl restart tac_plus
# chkconfig tac_plus on


We can view the tac_plus port with the following command.

# nmap localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2017-05-25 22:19 +07
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000080s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
49/tcp open tacacs

Nmap done: 1 IP address (1 host up) scanned in 0.10 second

Now we need to open the firewall for tac_plus port.

# vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 49 -j ACCEPT

# systemctl restart iptables
# iptables -L -v -n

This is how to configure the Tacacs+ identity management solution on RHEL/CentOS 7. Tacacs+ is the only security protocol used to provide centralized access into networks. Hopefully, you now understand it and are able to install and configure it for authenticating with Linux system users. If you have any questions or suggestions, you can always leave your comments below. I will try my best to review and reply to them. Thank you and have a great day.
