[tac_plus] Re: problem with conversion of configuration file for old version of TACACS+ to configuration file for current version of TACACS+

john heasley heas at shrubbery.net
Thu Dec 3 20:46:30 UTC 2009 

Thu, Dec 03, 2009 at 07:15:42PM +0100, psy chaotic:
> Hi,
> I have this problem. I have configuration file from old version TACACS+
> 
> "tac_plus-F4.0.3.alpha.8.gts4",
> 
> if I tried this configuration file use in the version -  "tacacs+-F4.0.4.19"
> 
> => "tac_plus -C my_old_conf_file"
> 
> it ended with the errors. I found at the testing problems in the
> grammar of the old configuration file. This are
> problematic tokens and keywords (and their usage in conf. file):
> 
> 1) Unrecognised token "authorization" on line ...
> 
>   authorization = recursive
> 
>   - in head of configuration file
> 
> 2) Unrecognised keyword "when" for user on line ...
> 
>   user = user_name {
>     login = des des_string
>     when = group group_name {
>         member = group1
>     }
> }
> 
> 3) Unrecognised keyword "enlist" for user on line ...
> 
> group = group_name {
>     enlist = host IP1
>     enlist = host IP2
> }
> 
> 4) Duplicated value for <string> group1 and group2 on line ... =>
> keyword "member"
> 
>   user = user_name {
>     login = des des_string
>     pap = des des_string
>     member = group1
>     member = group2
> }

it currents allows only one group membership, but group2 could be a member
of group1.  that may be the authorizationb=recursive bit above.

otherwise, i dont know what those keywords do.  you will have to look at
the manpage for the old tacacs to know what the equivalent is in the new.

> I didn?t create this configuration file, my task is this old
> configuration file convert
> to functional configuration file for current version
> "tacacs+-F4.0.4.19". I don?t
> know functionality of these (deprecated) keywords/tokens and therefore
> I don?t know how
> replace these tokens for current version TACACS+ with the same
> functionality. I need any
> suggestion or at least link onto the documentation with detailed
> description keywords and
> tokens from configuration file for old and current version of TACACS+.
> Thanks for any
> suggestion

the tac_plus.conf(5) manpage has a fairly thorough description of the
configuration.  let us know if anything is missing.

More information about the tac_plus mailing list