christian-becker / tac_plus-ng

Run "tac_plus-ng", a new TACACS+ daemon, on Alpine Linux with Docker.

License: MIT License

Dockerfile 66.46% Shell 33.54%
docker linux tacacs tacacs-plus tacacs-server

tac_plus-ng's Issues

tacacs_plus-ng doesn't start socket

followed:
https://www.pro-bono-publico.de/projects/howto-tac_plus-ng-ads.html
and stuck with a basic configuration to test access

```
#!/usr/local/sbin/tac_plus-ng
id = spawnd {
    listen = { address = 0.0.0.0 port = 4949 }
}

id = tac_plus-ng {
    host IPv4only {
        address = 0.0.0.0/0
        welcome banner = "\n Welcome to TACACS+NG\n\n"
        key = <<<>>
    }

    profile netadmin {
        script {
            if (service == shell) {
                if (cmd == "") {
                    set priv-lvl = 15
                    permit
                }
            }
        }
    }

    group admin

    user cisco {
        password login = clear cisco
        member = admin
    }

    ruleset {
        rule {
            script {
                if (member == admin) { profile = netadmin permit }
            }
        }
    }
}
```

and have Arista setup to hit the server

```
tacacs-server key 7 <<<omitted>>>
tacacs-server host <<<omitted>>> key 7 <<<omitted>>>
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ local
```

I start the service with debugging

```
tacacs@tacacs01:~/tac_plugng$ tac_plus-ng -f basic.cfg -d 4
21056: 18:13:42.748 0/00000000: - Version 70da485722588c0e17d03261833d1aeef4575976 initialized
21055: 18:13:42.748 0/00000000: - Version 70da485722588c0e17d03261833d1aeef4575976 initialized
```

however, a pcap shows that the server does a TCP reset immediately upon receiving a packet on port 49

```
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on ens18, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:21:16.673625 IP 201-r0102-08-oobds.16.172.in-addr.arpa.48714 > tacacs01.tacacs: Flags [S], seq 2855777150, win 64240, options [mss 1460,sackOK,TS val 3947280169 ecr 0,nop,wscale 7], length 0
18:21:16.673645 IP tacacs01.tacacs > 201-r0102-08-oobds.16.172.in-addr.arpa.48714: Flags [R.], seq 0, ack 2855777151, win 0, length 0
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
```

and ss shows that 49 is not active

```
tacacs@tacacs01:~$ ss | grep 49
u_str ESTAB 0 0 /run/systemd/journal/stdout 35150 * 35149
u_str ESTAB 0 0 * 35149 * 35150
u_str ESTAB 0 0 * 47496 * 47495
u_str ESTAB 0 0 * 28690 * 28349
u_str ESTAB 0 0 * 47495 * 47496
u_str ESTAB 0 0 /run/systemd/journal/stdout 28349 * 28690
```

What would cause the service to not start receiving on port 49?

UFW & iptables are disabled

System information:
```
tacacs@tacacs01:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
```

kernel version:
5.15.0-91-generic
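
A diagnostic check for the setup in the issue above, added here and not part of the original post or the project's code: it extracts the `listen` ports from a spawnd configuration and compares them with `ss -Hltn` output, which lists listening TCP sockets (plain `ss`, as used in the post, shows only established ones). The function names and the sample `ss` lines are constructed for illustration; whether anything listens on 4949 on the reporter's host is not shown on the page.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical/constructed.

# Print each port named in a "listen = { ... port = N ... }" block of the
# spawnd config file $1, one per line.
config_listen_ports() {
    tr '\n' ' ' < "$1" |
        grep -o 'listen *= *{[^}]*}' |
        sed -n 's/.*port *= *\([0-9][0-9]*\).*/\1/p'
}

# Succeed if the `ss -Hltn` output on stdin has a TCP listener on port $1.
# Field 4 is "Local Address:Port"; the port is the text after the last colon.
port_is_listening() {
    awk -v p="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit(found ? 0 : 1) }'
}

# $1 = config file, $2 = port the clients connect to, $3 = saved ss output.
# Returns non-zero if the client port is not configured or a configured
# port has no listener.
check_listeners() {
    cfg=$1; want=$2; ss_out=$3; rc=0
    ports=$(config_listen_ports "$cfg" | tr '\n' ' ')
    case " $ports" in
        *" $want "*) ;;
        *) echo "MISMATCH: clients use port $want, config listens on: $ports"
           rc=1 ;;
    esac
    for p in $ports; do
        if port_is_listening "$p" < "$ss_out"; then
            echo "port $p: listening"
        else
            echo "port $p: configured but no listener"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input (not captured from the host in the issue).
tmp=$(mktemp -d)
printf 'id = spawnd {\n  listen = { address = 0.0.0.0 port = 4949 }\n}\n' > "$tmp/basic.cfg"
printf 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nLISTEN 0 4096 0.0.0.0:4949 0.0.0.0:*\n' > "$tmp/ss.txt"
check_listeners "$tmp/basic.cfg" 49 "$tmp/ss.txt" || true
# On a live host: ss -Hltn > ss.txt && check_listeners basic.cfg 49 ss.txt
```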
