Install Tacacs Server on Ubuntu
Tacacs+ is an open-standard protocol compatible across various networking equipment vendor platforms. Tacacs+ is an entirely new, TCP-based protocol used for AAA (authentication, authorization and accounting).
1. Install the required packages
apt install build-essential flex yacc libwrap0-dev libpam0g-dev
2. Create a folder for the tacacs configuration file at /etc/tacacs
mkdir /etc/tacacs
3. Download and extract the tacacs package
wget https://shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz
tar -xzvf tacacs-F4.0.4.28.tar.gz
4. Go to the extracted folder. Now we will configure and build the tac_plus package on our server.
cd tacacs-F4.0.4.28
sudo ./configure --etcdir=/etc/tacacs
sudo make
sudo make install
4. Create the tacacs log file and set its permissions
touch /var/log/tacacs.log
chmod 640 /var/log/tacacs.log  # a log file needs no execute bit, and accounting records should not be world-readable
5. Make tacacs configuration file
nano /etc/tacacs/tac_plus.conf
Edit the file and add the following configuration:
# Define tacacs server key
key = testing123
# Define tacacs server log location
accounting file = /var/log/tacacs.log
logging = local5
# Define groups that we shall add users to later
group = user {
    default service = permit
    login = file /etc/passwd
    service = exec {
        priv-lvl = 15
    }
}
# Define users and assign them to the groups above
user = test {
    login = file /etc/passwd
    member = user
}
6. Start tacacs server
tac_plus -C /etc/tacacs/tac_plus.conf -d 128 -l /var/log/tac_plus.log
7. Test tacacs authentication
tactest -s {{server_ip}} -k {{key}} -u {{user}} -p {{password}}
------------------
SUMMARY STATISTICS
------------------
Total Commands ..................... 1
Successes .......................... 1
Failures ........................... 0
No Results ......................... 0
Time Taken for commands ............ 0,261 secs
Avg Possible Transactions/Second ... 3
Network Time per command ........... 0,107 secs
Total Network time ................. 0,107 secs
Sent Transactions/Second ........... 3,3
Create a tacacs service that runs on boot
nano /usr/bin/tacacs.sh
Add the script below
#!/bin/bash
# -d 216 = 128 (config parsing) + 64 (accounting) + 16 (authentication) + 8 (authorization)
tac_plus -C /etc/tacacs/tac_plus.conf -d 216 -l /var/log/tac_plus.log
Then create a service that runs the script at boot
nano /etc/systemd/system/tacacs.service
Add the following unit definition
[Unit]
Description=Tacacs service
After=network.target

[Service]
# Run through bash so the script does not need the execute bit
ExecStart=/bin/bash /usr/bin/tacacs.sh
RemainAfterExit=true
Type=oneshot

[Install]
WantedBy=multi-user.target
Reload systemd and enable the tacacs service
systemctl daemon-reload
systemctl enable tacacs.service
Start the tacacs service
systemctl start tacacs.service
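
The configuration file from step 5 stores the shared key in cleartext, so both the key value and the file's permissions are worth checking before the server goes into service. The script below is an added example, not part of the original guide; the function names, the 16-character minimum and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit a tac_plus.conf for
# shared-key and file-permission problems. MIN_KEY_LEN is an assumed policy.
MIN_KEY_LEN=16

# Print the value of the first "key = ..." line, without quotes.
tac_key() {
    awk '/^[ \t]*key[ \t]*=/ {
        v = $0
        sub(/^[^=]*=[ \t]*/, "", v)   # drop "key ="
        sub(/[ \t]+$/, "", v)         # drop trailing whitespace
        gsub(/^"|"$/, "", v)          # drop surrounding quotes
        print v; exit
    }' "$1"
}

# Print one line per finding; return the number of findings.
audit_tac_conf() {
    conf=$1
    findings=0
    key=$(tac_key "$conf")
    other=$(ls -ld "$conf" | cut -c8-10)   # permission bits for "other"

    if [ -z "$key" ]; then
        echo "FINDING: no global key defined in $conf"
        findings=$((findings + 1))
    elif [ "$key" = "testing123" ]; then
        echo "FINDING: key is the sample value from the install guide"
        findings=$((findings + 1))
    elif [ "${#key}" -lt "$MIN_KEY_LEN" ]; then
        echo "FINDING: key is shorter than $MIN_KEY_LEN characters"
        findings=$((findings + 1))
    fi
    if [ "$other" != "---" ]; then
        echo "FINDING: $conf is accessible to all local users (other: $other)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the key line from step 5 in a world-readable file.
sample=$(mktemp)
printf '%s\n' '#Define tacacs server key' 'key = testing123' > "$sample"
chmod 644 "$sample"
audit_tac_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

To check the real file, call audit_tac_conf /etc/tacacs/tac_plus.conf after the function definitions.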