1、下载文件，最新的版本可以在官方站点看到（ftp://ftp.shrubbery.net/pub/tac_plus）。tac_plus 之后要保管网络设备的共享密钥并负责认证，务必从官方来源获取源码；FTP 为明文传输，下载后建议核对 tarball 的校验值（例如与从官方站点另行下载的副本比对 sha256）再编译。

百度网盘https://pan.baidu.com/s/1z8pEHDrJW0kyuyYF6U0Jag,密码(r1r1)（第三方镜像，仅作备用；使用前请与官方下载的文件校验一致）
sudo wget ftp://ftp.shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz

2、使用 apt-get 软件包管理器安装 libwrap0-dev、flex 和 bison。libwrap0-dev 提供 TCP Wrappers（基于客户端主机名或 IP 地址的网络服务访问控制），tac_plus 链接它之后即可通过 /etc/hosts.allow、/etc/hosts.deny 限制只有指定的网络设备能连接 TACACS+ 端口，建议部署后配置而不只依赖防火墙；flex 和 bison 是生成词法分析器和解析器的工具，编译 tac_plus 时需要。

sudo apt-get install libwrap0-dev flex bison

3、sudo tar -zxvf tacacs-F4.0.4.28.tar.gz

4、sudo ./configure

5、sudo make install

（提示：解压、configure 和编译本身并不需要 root 权限，只有把文件安装到系统目录的 make install 才需要。更稳妥的做法是以普通用户执行 tar、./configure 和 make，仅对 make install 使用 sudo，避免用 root 运行构建脚本。）

6、添加库路径。tac_plus 会把自带的库安装到 configure 的安装前缀下（通常是 /usr/local/lib），该目录可能不在动态链接器的搜索路径中，启动时会报找不到 libtacacs.so 之类的错误。修改该文件，把库实际安装到的目录加进去（以 make install 的输出为准；本文加的是 /usr/lib）：

sudo vi /etc/ld.so.conf
//改成下面这样
include /etc/ld.so.conf.d/*.conf
/usr/lib
//改完后退出,然后在命令行上执行下面这条语句刷新动态链接器缓存
sudo ldconfig

7、创建配置文件 /etc/tacacs+/tac_plus.conf，内容如下。该文件保存与网络设备共享的密钥，应只允许 root 读取（例如 sudo chown root:root /etc/tacacs+/tac_plus.conf && sudo chmod 600 /etc/tacacs+/tac_plus.conf）：

# tac_plus.conf -- TACACS+ daemon configuration for this Linux host.
# The file holds the shared secret, so keep it root-owned with mode 0600.

# Shared secret between this daemon and every network device (NAS) that
# uses it. The same key must be configured on the devices, and it is what
# protects the TACACS+ exchange on the wire, so "12345678" is only a
# placeholder: replace it with a long random value (e.g. the output of
# `openssl rand -base64 32`) before any device points at this server.
key = 12345678

# Default password backend for all users: look the user up in the system
# user database (the tac_plus "file" backend -- this is not PAM; PAM would
# be `default authentication = PAM` if the build supports it). Any other
# backend, e.g. Active Directory via PAM, can be substituted here.
# NOTE(review): on a modern Linux the password hashes live in /etc/shadow,
# not /etc/passwd, so confirm with a real login test (watch
# /var/log/tac_plus.log) that password checks actually succeed this way.
default authentication = file /etc/passwd

# Groups are defined further down and users are assigned to them; each
# group carries the authorization profile (what the user may do after login).

#*************************
#***USERS ACCOUNTS HERE***
#*************************
#
# Every user listed here must also exist as a Linux account (see step 8),
# because the groups' `login`/`enable` settings delegate password checks to
# the system user database. `member` selects the authorization profile that
# is applied to the user.
#
user = master {
        member = Network_Engineers    # group that holds this user's authorization profile
}
user = node1 {
        member = Field_Techs
}
user = node2 {
        member = Managers
}


#*************************
#***   GROUPS HERE     ***
#*************************
# Full-access profile: every service and command is authorized.
group = Network_Engineers {
        default service = permit    # authorization default: permit anything not explicitly listed
        login = file /etc/passwd    # login password is checked against the system user database
        enable = file /etc/passwd   # enable password is the same system password
}

# Restricted profile: only the commands listed below are authorized;
# anything not matched by a `cmd` block is denied by `default service = deny`.
group = Field_Techs {
        default service = deny
        login = file /etc/passwd
        enable = file /etc/passwd
        # Exec service attribute returned to the NAS: the session starts at
        # privilege level 2.
        service = exec {
        priv-lvl = 2
        }
        # `enable` with any argument (e.g. `enable 15`) is allowed; the enable
        # password is the user's system password (see `enable = file` above),
        # and the command allow-list below still applies at the higher level.
        cmd = enable {
                permit .*
        }
        cmd = show {
                permit .*
        }
        # NOTE(review): permitting `do` with any argument lets exec-mode commands
        # be issued from configuration mode (`do <anything>`). Depending on how
        # the device submits `do` commands for authorization this may bypass the
        # allow-list in this group; test on the target platform and narrow the
        # pattern (e.g. `permit show .*`) if it does.
        cmd = do {
                permit .*
        }
        cmd = exit {
                permit .*
        }
        # Only `configure terminal`.
        cmd = configure {
                permit terminal
        }
        # Interface-level changes: select an interface, shut / no shut, speed, duplex.
        cmd = interface {
                permit .*
        }
        cmd = shutdown {
                permit .*
        }
        # Of the `no ...` forms only `no shutdown` is allowed.
        cmd = no {
                permit shutdown
        }
        cmd = speed {
                permit .*
        }
        cmd = duplex {
                permit .*
        }
        # Saving the configuration: `write memory` ...
        cmd = write {
                permit memory
        }
        # ... and `copy running-config ...`.
        # NOTE(review): the argument pattern is a regex and appears unanchored, so
        # it presumably also matches `copy running-config tftp://...`, i.e. the
        # running config (with its secrets) leaving the device. If only saving is
        # intended, tighten it, e.g. `permit running-config startup-config`.
        cmd = copy {
                permit running-config
        }
}

# Read-only profile: session at privilege level 2; only `enable`, `show` and
# `exit` are authorized, everything else is denied.
group = Managers {
        default service = deny
        login = file /etc/passwd
        enable = file /etc/passwd
        service = exec {
        priv-lvl = 2
        }
        cmd = enable {
                permit .*
        }
        cmd = show {
                permit .*
        }
        cmd = exit {
                permit .*
        }
}

 8、执行程序（先在前台以调试方式运行，确认设备能正常登录、授权后，再以服务方式常驻运行）

# Start tac_plus with the config above: -C selects the configuration file,
# -d 1 turns on debug logging (see tac_plus(8) for the level bitmask and
# for the meaning of -t). Useful while testing; run without the debug
# options once logins work.
# NOTE(review): despite the original "restart" comment this only launches a
# new instance -- stop any tac_plus that is already running first, and for
# production start it from a service unit rather than an interactive shell.
sudo tac_plus -C /etc/tacacs+/tac_plus.conf -t -d 1

# Follow the daemon log to watch authentication / authorization results.
tail -f /var/log/tac_plus.log

# Create the Linux accounts referenced by the config (run as root). tac_plus
# checks passwords against the system user database, so these are real local
# accounts: give each a strong, unique password, and if they are meant only
# for network-device login consider a non-login shell
# (e.g. `adduser --shell /usr/sbin/nologin master`) so they cannot also SSH
# into this host. NOTE(review): verify that the tac_plus file backend still
# accepts accounts with a non-login shell before relying on that.
adduser master
adduser node1
adduser node2

9、

 
