This article describes, step by step, how to install a TACACS+ server application. Specifically, we install tac-plus.
1. Download TACACS+
2. Install Tac-plus application
3. Configure TACACS.conf
4. Configure network device (Cisco router)
1. Download TACACS+
Get the latest TACACS+ binary RPM file from http://www.gazi.edu.tr/tacacs.
2. Install Tac-plus application
Log in to your machine with the root account to avoid any interruption while installing TACACS+,
and type:
rpm -ivh tac_plus.xxx.i386.rpm
This command installs TACACS+ on your system. To verify the installation, type:
rpm -q tac_plus
If you see the output below, you are good to go.
tac_plus-F4.0.3.alpha-7
3. Configure TACACS.conf
# Created by Devrim SERAL(devrim@gazi.edu.tr)
# It's very simple configuration file
# Please read user_guide and tacacs+ FAQ to more information to do more
# complex tacacs+ configuration files.
key = IPBALANCE
# Use /etc/passwd file to do authentication
default authentication = file /etc/passwd.log
# Now tacacs+ also use default PAM authentication
#default authentication = pam pap
#If you like to use DB authentication
#default authentication = db "db_type://db_user:db_pass@db_hostname/db_name/db_table?name_field&pass_field"
# db_type: mysql or null
# db_user: Database connect username
# db_pass: Database connection password
# db_hostname : Database hostname
# db_name : Database name
# db_table : authentication table name
# name_field and pass_field: Username and password field name at the db_table
# Accounting records log file
accounting file = /var/log/tacacs/tacacs.log
# Would you like to store accounting records in database..
# db_accounting = "db_type://db_user:db_pass@db_hostname/db_name/db_table"
# Same as above..
# Permit all authorization request
default authorization = permit
# Profile for enable access, username is $enab15$. Used to be $enable$
user = $enab15$ {
login = cleartext Pr1celess
}
# Profiles for user accounts
user = Superman {
login = cleartext SuperPOP40
}
In this case, the username is Superman and the password is SuperPOP40.
4. Configure network device (Cisco router)
aaa new-model
aaa authentication login default tacacs+ line enable none
tacacs-server host 65.222.247.53
tacacs-server host 65.222.247.37
tacacs-server key IPBALANCE
Or another sample (if the TACACS+ login fails, the local database is used):
aaa new-model
username ipBalance password xxx-ipBalance
aaa authentication login default enable
aaa authentication login access1 local
aaa authentication login access2 tacacs+ local
tacacs-server host 65.222.247.53
tacacs-server host 65.222.247.37
tacacs-server key IPBALANCE
!
!
line console 0
login authentication access2
!
!
line vty 0 4
password yyy-ipBalance
login
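
The samples above store passwords with "login = cleartext", permit every authorization request by default, and end the default login method list with "none", which lets a login through unauthenticated when every earlier method returns an error. The Python script below is an added example, not part of the original article or of tac_plus: it flags those three settings in constructed sample input copied from this page, and the function names audit_tac_plus and audit_ios are hypothetical.

```python
import re
# Constructed sample inputs, built from the settings shown in this article.
TAC_PLUS_CONF = """\
key = IPBALANCE
default authorization = permit
user = $enab15$ {
    login = cleartext Pr1celess
}
user = Superman {
    login = cleartext SuperPOP40
}
"""

IOS_CONFIG = """\
aaa new-model
aaa authentication login default tacacs+ line enable none
aaa authentication login access2 tacacs+ local
tacacs-server key IPBALANCE
"""

def audit_tac_plus(conf):
    """Return (line_no, finding) tuples for risky tac_plus.conf settings."""
    findings, user = [], None
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        m = re.match(r"user\s*=\s*(\S+)\s*\{", line)
        if m:
            user = m.group(1)                # entering a user profile block
        elif line == "}":
            user = None                      # leaving the profile block
        elif re.match(r"login\s*=\s*cleartext\b", line):
            findings.append((n, f"cleartext password stored for user {user}"))
        elif re.match(r"default\s+authorization\s*=\s*permit\b", line):
            findings.append((n, "default authorization permits every request"))
    return findings

def audit_ios(config):
    """Flag login method lists whose final fallback method is 'none'."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        m = re.match(r"aaa authentication login (\S+) (.+)", raw.strip())
        if m and m.group(2).split()[-1] == "none":
            findings.append((n, f"method list '{m.group(1)}' ends in 'none'"))
    return findings

if __name__ == "__main__":
    for n, msg in audit_tac_plus(TAC_PLUS_CONF) + audit_ios(IOS_CONFIG):
        print(f"line {n}: {msg}")
```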
Last Updated (Saturday, 19 November 2011 21:01)



