[RADIATOR] How to setup tacacas plus
Jorgen.Ohlsson at teliasonera.com
Jorgen.Ohlsson at teliasonera.com
Thu Apr 15 09:57:57 CDT 2010
Hey there we are about to replace our old tacacs and radius daemons with radiator radius since we have really old tacacs server and uses old code for the freeradius daemons.
I have looked in the ref.pdf file and also the mailinglist and googled the web but I dont understand how to get the tacacs config the way I want it. I got the radius part working and talking to our safeword server.
Here is the config of the tacacs that I would like to convert to radiator radius config.
The tac_plus.cfg
Key = secretkey
group = RO {
service = exec {
priv-lvl = 1
}
}
group = SHOW {
default service = deny
service = exec {
priv-lvl = 15
}
cmd = show {
permit "ip accounting"
permit "ip arp"
permit "ip bgp"
permit "ip cache"
permit "ip cef"
permit "ip eigrp"
permit "ip flow"
permit "ip helper-address"
permit "ip igmp"
permit "ip interface"
permit "ip mroute"
permit "ip ospf"
permit "ip protocols"
permit "ip rip"
permit "ip route"
permit "ip traffic"
permit "route-map"
permit "policy-map"
permit "controllers"
permit "dialer"
permit "atm"
permit "interface"
permit "class-map"
permit "cef"
permit "history"
permit "protocols"
permit "frame-relay"
permit "dsl"
permit "arp"
permit "bgp"
permit "standby"
permit "clock"
permit "process"
deny ".*"
}
cmd = ping {
permit ".*"
}
cmd = traceroute {
permit ".*"
}
}
group = RW {
default service = permit
service = exec {
priv-lvl = 15
}
}
Best regards/ Terveisin/ Hälsningar
Jörgen Ohlsson
TeliaSonera Sweden,
Networks & Production VAS
Abuse & Security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20100415/2684d75d/attachment.html
More information about the radiator
mailing list