Configure Linux TACACS+ Servers using the Cisco TACACS+ Daemon

The PacketShaper TACACS+ client has been tested with the Cisco TACACS+ Daemon. This section includes instructions on configuring a Linux TACACS+ server with PacketShaper-specific information. These steps should be performed before you configure the TACACS+ authentication and TACACS+ accounting services via the PacketShaper browser or command-line interfaces. For more information on the general setup and configuration of your TACACS+ server, refer to the documentation included with the product.

Note: This procedure is recommended only for users with previous Linux experience.

Configure the TACACS+ Server

  1. Install the TACACS+ server from your Linux distribution. On Ubuntu: apt-get install tacacs+

  2. To configure the TACACS+ server, update the TACACS+ user configuration file tac_plus.conf with information for each TACACS+ user. The example configuration text below shows how to define a touch access user and a look access user, each with a clear text password, and a touch access user with an encrypted password.

Note: For additional details, refer to the users_guide file included with the Cisco TACACS+ files.

# set the secret key
key = "<key>"

# where the accounting records should go
accounting file = /var/log/tac_plus.acct

# user accounts
user = <username> {
login = cleartext "<password>"
before authorization "echo \"access=touch\"; exit 2"
name = "<username> touch login"
}

user = <username> {
login = cleartext "<password>"
before authorization "echo \"access=look\"; exit 2"
name = "<username> look login"
}

user = <username> {
login = des "<encrypt_pwd>"
before authorization "echo \"access=touch\"; exit 2"
name = "<username> touch login"
}

Variable         Description
<key>            The TACACS+ secret key
<username>       User name of the TACACS+ user
<password>       Clear text password for a TACACS+ user
<encrypt_pwd>    Encrypted password for a TACACS+ user
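
The following is an added example, not part of the original page or of the Cisco daemon: a Python check that reads a tac_plus.conf in the layout shown above and reports, for each user, the login type and the access value, flagging clear text passwords and a configuration file that group or other can access. The sample user names and values are constructed, and the function names audit_conf and file_mode_issues are hypothetical.

```python
import os
import re
import stat

# Constructed sample in the tac_plus.conf layout shown above (placeholder values).
SAMPLE_CONF = r'''
key = "example-key"
accounting file = /var/log/tac_plus.acct
user = alice {
login = cleartext "example-password"
before authorization "echo \"access=touch\"; exit 2"
name = "alice touch login"
}
user = bob {
login = des "example-des-hash"
before authorization "echo \"access=look\"; exit 2"
name = "bob look login"
}
'''

# One user block: "user = <name> {" up to the closing brace on its own line.
USER_RE = re.compile(r'^\s*user\s*=\s*(\S+)\s*\{(.*?)^\s*\}', re.S | re.M)
LOGIN_RE = re.compile(r'^\s*login\s*=\s*(\w+)', re.M)
ACCESS_RE = re.compile(r'access=(\w+)')

def audit_conf(text):
    """Return one dict per user block: login type, access value, issues found."""
    findings = []
    for user, body in USER_RE.findall(text):
        login = LOGIN_RE.search(body)
        access = ACCESS_RE.search(body)
        entry = {"user": user,
                 "login": login.group(1) if login else None,
                 "access": access.group(1) if access else None,
                 "issues": []}
        if entry["login"] == "cleartext":
            entry["issues"].append("password stored in clear text")
        if entry["access"] not in ("look", "touch"):
            entry["issues"].append("no look/touch access value")
        findings.append(entry)
    return findings

def file_mode_issues(path):
    """Flag a config file that group or other can access; it holds the key and passwords."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return ["accessible by group/other (mode %o)" % mode] if mode & 0o077 else []
```

Call audit_conf on the contents of your tac_plus.conf and file_mode_issues on its path before starting the server.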

Start the TACACS+ Server

Once your user and password settings have been configured, issue the command to start the TACACS+ server. For example:

/etc/init.d/tacacs_plus start