Migration from tac_plus version F4.0.4.27a

Question

Migration from tac_plus version F4.0.4.27a

enoch85 opened this issue 7 months ago · 2 comments

Hi,

We are running tac_plus version F4.0.4.27a on a Debian server, and are in the process of moving away from that server due to legacy OS etc...

I'm just wondering if there's a good "migration path" to tac_plus-ng? From what I've read the requirements are different (less), and the config files looks a bit different..?

I'm new to TACACS+ so please bear with me. :)

Answer 1 · 2024-01-19T17:51:30.000Z

Hi,

if I remember correctly, tac_plus F4... configuration is pretty close to the original Cisco tac_plus syntax. For migration, I'd start with one of the sample configurations provided and align the obvious "host" and "user" configuration parameters (keys, IP addresses, passwords) and assign users to groups.

Other things are pretty much different. E.g., tac_plus-ng got away with service definitions by using profiles and a basic scripting language to model the authorization flow. I'd have a look at the sample configuration, and the documentation might give pretty good starting point, too.

All in all, the complexity of migration pretty much depends on the complexity your existing configuration.

Cheers,

Marc

Answer 2 · 2024-01-19T18:34:47.000Z

Thanks! Will have a look at this next week.

Keeping this open if further questions arise.