MarcJHuber/event-driven-servers

Arista + TACPLUS-NG

bkyarnell opened this issue · 1 comment

Is there a clear guide available that shows the configuration for Arista and tac_plus-ng?

I have tac_plus-ng installed on RHEL 8.6, netstat shows I'm listening on TCP 49, but TCP6? To confirm, both IPv4 and IPv6 are running?

netstat -tupln | grep tac
tcp6 0 0 :::49 :::* LISTEN 1412997/tac_plus-ng

I'm not seeing any activity from my Arista switch:
Aaa: %AAA-4-AUTHZ_FALLBACK: Authorization method 'group tacacs+' is currently unavailable; falling back to next method for action 'command15'.

tcpdump on the server running tac_plus-ng isn't showing any communication on port 49. Firewalld and iptables are disabled.

my tac_plus-ng config file:

#!/usr/local/sbin/tac_plus-ng

id = spawnd {
    background = no
#   single process = yes
    listen { port = 49 }        # binds :::49, which accepts IPv4 clients as well
    spawn {
        instances min = 1
        instances max = 32
    }
}

id = tac_plus-ng-test {

    log authenlog {
        destination = /var/log/tac_plus/authentication/%Y/%m/%d.log
    }
    log authorlog {
        destination = /var/log/tac_plus/authorization/%Y/%m/%d.log
    }
    log acctlog {
        destination = /var/log/tac_plus/accounting/%Y/%m/%d.log
    }
    authentication log = authenlog
    authorization log = authorlog
    accounting log = acctlog

    group testgroup

    user testuser {
        password {
            login = clear asdfzxcv1234
        }
        member = testgroup
    }

    # Matches every client address; the key must equal the one configured on the switch
    device test {
        address = 0.0.0.0/0
        welcome banner = "Welcome to TAC_PLUS !!!\n\n\n"
        key = arista
    }

    profile = admin {
        script {
            if (service == shell) {
                if (cmd == "") {
                    set priv-lvl = 15
                    permit
                }
            }
        }
    }

    # Note: no ruleset in this file assigns either profile to a user or device,
    # so authorization requests have no profile to evaluate yet.
    profile = testuser {
        script {
            if (service == shell) {
                if (cmd == "") {
                    set priv-lvl = 15
                    deny
                }
            }
        }
    }
}

debug = ALL USERINPUT

Hi,

tcp6 includes tcp4. In case your Arista switch comes with a "telnet" command it might be possible to validate that the port on your server is open and reachable.

I've no hands-on experience with Arista devices and can't help you with Arista configuration issues.

Cheers,

Marc
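Added example, not part of this thread and not code from the tac_plus-ng project: a minimal TACACS+ (RFC 8907) client probe that goes one step beyond a bare telnet check. It opens TCP/49, sends an authentication START for an ASCII login and decodes the server's REPLY, so it verifies both reachability and the shared key in one go. A REPLY of GETPASS (5) or GETUSER (4) means the server accepted the packet; if the body does not decode to a plausible REPLY, the key on the device entry differs. The host, user and key are caller-supplied placeholders (the key `arista` and user `testuser` below simply mirror the posted config).

```python
"""Minimal TACACS+ (RFC 8907) authentication START probe (added example)."""
import hashlib
import os
import socket
import struct

VERSION = 0xC0          # major version 0xc, minor 0 (RFC 8907 section 4.1)
TYPE_AUTHEN = 0x01
FLAG_UNENCRYPTED = 0x01
AUTHEN_LOGIN, AUTHEN_TYPE_ASCII, AUTHEN_SVC_LOGIN = 0x01, 0x01, 0x01
STATUS = {1: "PASS", 2: "FAIL", 3: "GETDATA", 4: "GETUSER", 5: "GETPASS",
          6: "RESTART", 7: "ERROR", 0x21: "FOLLOW"}
HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5: chained MD5 over session_id, key, version and seq_no."""
    sid = struct.pack("!I", session_id)
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(sid + key + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pseudo-pad; applying it twice restores the plaintext."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user: str, session_id: int, key: bytes,
                       port: str = "tty0", rem_addr: str = "probe") -> bytes:
    """Authentication START (seq_no 1) requesting an ASCII login for `user`."""
    u, p, r = user.encode(), port.encode(), rem_addr.encode()
    body = struct.pack("!BBBBBBBB", AUTHEN_LOGIN, 1, AUTHEN_TYPE_ASCII, AUTHEN_SVC_LOGIN,
                       len(u), len(p), len(r), 0) + u + p + r
    header = HEADER.pack(VERSION, TYPE_AUTHEN, 1, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, VERSION, 1)


def parse_header(raw: bytes) -> dict:
    """Split the 12-byte packet header into named fields."""
    fields = HEADER.unpack(raw[:HEADER.size])
    return dict(zip(("version", "type", "seq_no", "flags", "session_id", "length"), fields))


def decode_authen_reply(raw: bytes, key: bytes) -> tuple:
    """Return (status, server_msg) from a full REPLY packet; status is None if it does not parse."""
    hdr = parse_header(raw)
    body = raw[HEADER.size:HEADER.size + hdr["length"]]
    if not hdr["flags"] & FLAG_UNENCRYPTED:
        body = obfuscate(body, hdr["session_id"], key, hdr["version"], hdr["seq_no"])
    if len(body) < 6:
        return None, ""
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if status not in STATUS or 6 + msg_len + data_len != len(body):
        return None, ""             # pad did not match: wrong shared key
    return status, body[6:6 + msg_len].decode("ascii", errors="replace")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        buf += chunk
    return buf


def probe(host: str, key: bytes, user: str = "testuser", port: int = 49, timeout: float = 5.0) -> str:
    """Connect, send START, decode the REPLY. host/key/user are placeholders supplied by the caller."""
    session_id = int.from_bytes(os.urandom(4), "big")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_authen_start(user, session_id, key))
        head = _recv_exact(sock, HEADER.size)
        body = _recv_exact(sock, parse_header(head)["length"])
    status, msg = decode_authen_reply(head + body, key)
    if status is None:
        return "reply did not decode: the shared key on the device entry probably differs"
    return f"server replied {STATUS[status]} ({status}): {msg!r}"


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 3:
        sys.exit(f"usage: {sys.argv[0]} <server> <shared-key> [user]")
    print(probe(sys.argv[1], sys.argv[2].encode(), *sys.argv[3:4]))
```

Run it from a host on the same path the switch uses (the server itself is a fine first step, then a machine behind the same routing). If the probe gets a GETPASS here while the switch still logs the AUTHZ_FALLBACK message, the server side is fine and the gap is between the switch and port 49 (source interface, VRF or routing on the switch side), which is what the tcpdump result on the server already suggests.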