[tac_plus] tac_plus on centos7, script vs. manual startup

Asif Iqbal vadud3 at gmail.com
Tue Feb 13 00:27:27 UTC 2018 

I use something similar to this with centos 7, a custom systemd tacacs
service

# cat /etc/systemd/system/tacacs.service
[Unit]
Description=TACACS+ daemon instance tacacs
Documentation=man:tac_plus(8) man:tac_plus.conf(5)
After=network.target

[Service]
Type=simple
ExecStartPre=/usr/local/sbin/tac_plus -P -C /etc/tacacs/tacacs.conf
ExecStart=/usr/local/sbin/tac_plus_mss -G -C /etc/tacacs.conf -l
/var/log/tacacs.daemon.log -p 49 -d 8 -d 16
ExecReload=/bin/sh -c "/usr/local/sbin/tac_plus -P -C /etc/tacacs.conf
>/dev/null 2>&1" && /bin/kill -HUP $MAINPID"
Restart=always

[Install]
WantedBy=multi-user.target

It should work perfectly with systemd. The only odd thing is tac_plus uses
wrong syslog priority level for some of the status
messages and they show red even for success. I already have an email about
this and have not see any response to that.

However, actually systemd fuctionality should be fine and I have it tested
and running in production







On Mon, Feb 12, 2018 at 11:02 AM, Rick Coloccia <coloccia at geneseo.edu>
wrote:

> Hi,
>
> I've been using tac_plus for years, never any issues. Thanks for it!
>
> Last week we replaced an older centos box with a cenos7 box. I installed
> tac_plus using an rpm from pbone.net.
>
> I could not get it to work to save my life. I messed around with the
> tacplus config, the pam config, no luck at all. I was at witt's end.
>
> I started the process manually with a bunch of -d from the cli and it lit
> right up. Then I killed it, started it without all the -d from the cli and
> it still worked.
>
> So now I'm confused. When I allow the binary to start using the scripts it
> won't function, when I start it from cli it works fine.
>
> when I run:
>
> [root at localhost log]# ps auxw | grep tac_
> root     16163  0.0  0.0  26000   528 ?        S    10:30   0:00
> /usr/bin/tac_plus -C /etc/tac_plus.conf
>
> and when I run:
>
> [root at localhost log]# netstat -anp | grep tac_
> tcp        0      0 0.0.0.0:49 0.0.0.0:*               LISTEN
> 16163/tac_plus
> unix  2      [ ]         DGRAM                    6079166 16163/tac_plus
>
>
> The output is the same regardless of whether I started via cli or scripts.
>
>
> I just don't know where to go from here. Looking for suggestions.
>
> Thanks!
>
> -Rick
>
>
> --
> Rick Coloccia, Jr.
> Network Manager
> State University of NY College at Geneseo
> 1 College Circle
> <https://maps.google.com/?q=1+College+Circle&entry=gmail&source=g>, 119
> South Hall
> Geneseo, NY 14454
> V: 585-245-5577
> F: 585-245-5579
>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20180212/8b9e3ee0/attachment.html>

More information about the tac_plus mailing list