Questions tagged [tacacs+]
20 questions
8
votes
1 answer
Authenticate Linux sshd with TACACS+ (Cisco ACS)
Our network engineering team uses multiple Linux servers for syslog collection, configuration backups, TFTP, etc...
We want to use TACACS+ on a Cisco ACS machine as our central authentication server where we can change passwords and account for user…

Mike Pennington
- 8,305
- 9
- 44
- 87
2
votes
1 answer
Passwordless Kerberos management of Cisco devices
Does anyone have any experience of using Kerberos as an authentication mechanism for managing a Cisco IOS based network? This article seems to indicate it's possible, but my Kerberos knowledge is limited to that of a user on centrally managed…

Murali Suriar
- 10,296
- 8
- 41
- 62
2
votes
0 answers
Linux TACACS+ auth for SSH but allow users to use public key auth
We have a running TACACS environment for centralised login to our routers, firewalls, etc., and even most of our Linux boxes for SSH.
What we would like to do is allow users to authenticate to SSH via public key auth rather than having to type their…

anthonysomerset
- 4,233
- 2
- 21
- 24
2
votes
2 answers
How do Arista EOS and Cisco IOS encrypt TACACS+ encryption keys?
We're using tacacs for AAA on our network devices, and I'm interested/curious in how our devices are encrypting the passwords device side.
Following the Arista EOS manual, page 139, I'm running:
switch(config)#tacacs-server key 0 cv90jr1
The guide…

David Mah
- 158
- 6
1
vote
1 answer
Tacacs+ with PAM two-factor Google authentication?
I'm working on a TACACS+ server for my campus network, and I have been wondering how I could set up a TACACS+ server to communicate with PAM running Google's two-factor authentication. I've done quite a bit of googling, found some useful information,…

Disco King
- 13
- 1
- 5
1
vote
1 answer
TACACS+ configuration: how to receive priv-lvl value?
I need to configure TACACS+ server to know if the given user is authenticated* and what is his priv-lvl. As a client I'm using tactest (tacacs.net) and TACACS+ Client Java Library (AXL).
I tried with this:
user = admin {
name = “Admin User”
…

tomekceszke
- 21
- 6
1
vote
4 answers
TACACS+ - Cisco Router - Failover to local database not operating as it should
I have TACACS+ working and now I am trying to set it up so that it will fail over locally if the TACACS+ server is unavailable.
My goal is for it to check the TACACS server first, then fail over if it is not contactable.
It is my understanding that…

Lance
- 281
- 10
- 20
1
vote
0 answers
Can't authorise commands via tacacs+ server executed in shell by ssh
I've set up a TACACS+ server and a PAM TACACS client from here: https://github.com/kravietz/pam_tacplus/tree/main.
When a user SSHes into the TACACS client machine, I want authentication from the TACACS+ server and to allow execution of only those commands in…

Faisal Alam
- 11
- 1
0
votes
1 answer
Server 2016 Tacacs.net install throwing "Error in Processing response" and need it to be up today.
I've been struggling a few days with this. I have a brand new server that I install tacacs.net on and I can't get it to work. I followed the quickstart guide and opened port 49.
I'm thinking either there is an error with the character set or an…

Douglas Rios
- 1
- 1
0
votes
0 answers
Authenticating any Linux distro with Tacacs and Active Directory
I have a set-up in my organisation wherein login to all network devices (Cisco, Juniper & ....) is authenticated using Windows AD and a Cisco TACACS server. Users are pushed into AD via a separate web portal.
Now, I have a requirement of integrating…

Pravin
- 111
- 1
- 3
0
votes
1 answer
Does "aaa accounting commands" not support radius?
When I issue this command:
aaa accounting commands 15 default start-stop group myradiusgroup
I get this error:
%AAAA-4-SERVNOTACPLUS: The server-group "myradiusgroup" is not a tacacs+ server group. Please define "myradiusgroup" as a tacacs+ server…

red888
- 4,183
- 18
- 64
- 111
0
votes
1 answer
tacacs+ for Linux authentication/authorization using pam_tacplus
I am using TACACS+ to authenticate Linux users using the pam_tacplus.so PAM module and it works without issues.
I have modified the pam_tacplus module to meet some of my custom requirements.
I know by default, TACACS+ does not have any means to support…

chandank
- 847
- 3
- 14
- 31
0
votes
1 answer
Linux TACACS+ authorization
I'd like to know how to authorize (only allow a set of commands) users on the Linux console (bash). I'm so far able to authenticate SSH users over TACACS+ but authorization is not working.
This is my tac_plus.conf file, really simplified for…

Ignacio Verona
- 141
- 5
0
votes
0 answers
Network device failing to access groups from Active Directory
Occurs for only 1 user: when TACACS+ tries to authenticate and retrieve groups it fails. According to logs, authentication is a success but it fails when retrieving groups with the error "24027 Groups search ended with an error".
-> User id works…

Darktux
- 827
- 5
- 21
- 36
0
votes
1 answer
TACACS+ ACS 5.3 Err 'ACS: Resource not found or internal server error No information'
Has anyone experienced this issue before?
Running: Cisco TACACS+ ACS 5.3
When I log in I see this displayed on the right pane. I still have the navigation links on the left pane and am able to launch the monitoring and reporting.
ACS: Resource not…

onxx
- 200
- 1
- 1
- 12