[RADIATOR] How to set up tacacs plus

Hugh Irvine hugh at open.com.au
Thu Apr 15 16:51:17 CDT 2010


Hello Jorgen -

See also "goodies/tacplus.txt" in the Radiator 4.6 distribution.

I've also included it in this mail for your convenience.

regards

Hugh


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: tacplus.txt
Url: http://www.open.com.au/pipermail/radiator/attachments/20100416/dc5304a8/attachment.txt 
-------------- next part --------------




On 16 Apr 2010, at 03:58, Alexander Hartmaier wrote:

> Hi Jorgen,
> 
> take a look at the file tacacsplusserver.cfg in the goodies directory.
> 
> --
> Best regards, Alex
> 
> 
> On Thursday, 15.04.2010, at 16:57 +0200,
> Jorgen.Ohlsson at teliasonera.com wrote:
>> Hey there, we are about to replace our old tacacs and radius daemons
>> with radiator radius since we have a really old tacacs server and use
>> old code for the freeradius daemons.
>> 
>> I have looked in the ref.pdf file and also the mailing list and googled
>> the web but I don't understand how to get the tacacs config the way I
>> want it. I got the radius part working and talking to our safeword
>> server.
>> 
>> Here is the config of the tacacs that I would like to convert to
>> radiator radius config.
>> 
>> The tac_plus.cfg
>> 
>> Key = secretkey
>> 
>> group = RO {
>>   service = exec {
>>      priv-lvl = 1
>>   }
>> }
>> 
>> group = SHOW {
>>   default service = deny
>>   service = exec {
>>      priv-lvl = 15
>>   }
>>   cmd = show {
>>      permit "ip accounting"
>>      permit "ip arp"
>>      permit "ip bgp"
>>      permit "ip cache"
>>      permit "ip cef"
>>      permit "ip eigrp"
>>      permit "ip flow"
>>      permit "ip helper-address"
>>      permit "ip igmp"
>>      permit "ip interface"
>>      permit "ip mroute"
>>      permit "ip ospf"
>>      permit "ip protocols"
>>      permit "ip rip"
>>      permit "ip route"
>>      permit "ip traffic"
>>      permit "route-map"
>>      permit "policy-map"
>>      permit "controllers"
>>      permit "dialer"
>>      permit "atm"
>>      permit "interface"
>>      permit "class-map"
>>      permit "cef"
>>      permit "history"
>>      permit "protocols"
>>      permit "frame-relay"
>>      permit "dsl"
>>      permit "arp"
>>      permit "bgp"
>>      permit "standby"
>>      permit "clock"
>>      permit "process"
>>      deny ".*"
>>   }
>>   cmd = ping {
>>      permit ".*"
>>   }
>>   cmd = traceroute {
>>      permit ".*"
>>   }
>> }
>> 
>> group = RW {
>>   default service = permit
>>   service = exec {
>>      priv-lvl = 15
>>   }
>> }
>> 
>> Best regards/ Terveisin/ Hälsningar
>> 
>> Jörgen Ohlsson
>> TeliaSonera Sweden,
>> Networks & Production VAS
>> Abuse & Security
>> 
>> 
> 
> 



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
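
An added example, not part of the original messages or of the Radiator distribution: a small Python model of the SHOW group from the quoted tac_plus.cfg, usable as a regression check when porting that policy to another server. It assumes rules are tried in order with the first match winning and that each pattern is searched anywhere in the argument string; the function names and the sample commands are constructed for illustration.

```python
import re

# "show" argument patterns copied from the SHOW group in the quoted tac_plus.cfg.
SHOW_PERMITS = [
    "ip accounting", "ip arp", "ip bgp", "ip cache", "ip cef", "ip eigrp",
    "ip flow", "ip helper-address", "ip igmp", "ip interface", "ip mroute",
    "ip ospf", "ip protocols", "ip rip", "ip route", "ip traffic",
    "route-map", "policy-map", "controllers", "dialer", "atm", "interface",
    "class-map", "cef", "history", "protocols", "frame-relay", "dsl", "arp",
    "bgp", "standby", "clock", "process",
]

SHOW_GROUP = {
    "default": "deny",  # default service = deny
    "cmd": {
        "show": [("permit", p) for p in SHOW_PERMITS] + [("deny", ".*")],
        "ping": [("permit", ".*")],
        "traceroute": [("permit", ".*")],
    },
}

# Constructed sample commands, not taken from any real device log.
SAMPLES = ["show ip route 10.0.0.0", "show running-config",
           "show running-config interface Gi0/1", "configure terminal",
           "ping 192.0.2.1"]

def authorize(group, command_line, anchored=False):
    """Return 'permit' or 'deny' for one CLI line.

    Assumed semantics: rules are tried in order and the first match wins;
    patterns are searched anywhere in the arguments unless anchored=True,
    which requires the match to begin at the first argument.
    """
    cmd, _, args = command_line.strip().partition(" ")
    rules = group["cmd"].get(cmd)
    if rules is None:
        return group["default"]  # command not listed in the group
    matcher = re.match if anchored else re.search
    for action, pattern in rules:
        if matcher(pattern, args):
            return action
    return "deny"  # listed command, but no rule matched

def anchoring_differences(group, command_lines):
    """List commands whose decision changes when patterns are anchored."""
    return [c for c in command_lines
            if authorize(group, c) != authorize(group, c, anchored=True)]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{authorize(SHOW_GROUP, line):6}  {line}")
    print("changes if anchored:", anchoring_differences(SHOW_GROUP, SAMPLES))
```

Running the same command list against the old and the new server and comparing the decisions with this model shows where the two policies diverge, including permits that depend on a pattern matching in the middle of the arguments.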




