From elliot.johnson at hayley-group.co.uk Mon May 16 17:27:09 2022 From: elliot.johnson at hayley-group.co.uk (Elliot Johnson) Date: Mon, 16 May 2022 17:27:09 +0000 Subject: [tac_plus] Please help with tac_plus Message-ID: Hello, We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. We have a config with a group section like this: group = netadmin { default service = permit acl = hgl service = exec { priv-lvl = 15 } } When we start the tac_plus process, we get this reported by systemd: May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected Line 22 is "default service = permit" What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. Thank you for your time. Kind regards, Elliot Johnson - Infrastructure Manager - Group IT Hayley Group Limited Shelah Road, Halesowen, West Midlands, B63 3PG, England [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within. -------------- next part -------------- An HTML attachment was scrubbed... URL: From acruhl at gmail.com Mon May 16 18:24:03 2022 From: acruhl at gmail.com (Andy Ruhl) Date: Mon, 16 May 2022 11:24:03 -0700 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: Message-ID: Try fixing the excessive spacing in those statements maybe? Make something look like "this = that" and not "this = that" for example. Andy On Mon, May 16, 2022 at 11:19 AM Elliot Johnson wrote: > > Hello, > > We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. > > We have a config with a group section like this: > > group = netadmin { > default service = permit > acl = hgl > service = exec { > priv-lvl = 15 > } > } > > When we start the tac_plus process, we get this reported by systemd: > > May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected > > Line 22 is "default service = permit" > > What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. > > Thank you for your time. > > Kind regards, > > > Elliot Johnson - Infrastructure Manager - Group IT > Hayley Group Limited > Shelah Road, Halesowen, West Midlands, B63 3PG, England > [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk > Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > _______________________________________________ > tac_plus mailing list > tac_plus at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/tac_plus From heas at shrubbery.net Mon May 16 18:42:51 2022 From: heas at shrubbery.net (heasley) Date: Mon, 16 May 2022 18:42:51 +0000 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: Message-ID: Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: > Hello, > > We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. > > We have a config with a group section like this: > > group = netadmin { > default service = permit > acl = hgl > service = exec { > priv-lvl = 15 > } > } > > When we start the tac_plus process, we get this reported by systemd: > > May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected > > Line 22 is "default service = permit" > > What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. Your syntax looks correct. I expect that you either have unprintable characters on line 22 or there is an error on a preceding line that is trickling down to line 22. From philipp_subx at redfish-solutions.com Mon May 16 19:16:28 2022 From: philipp_subx at redfish-solutions.com (Philip Prindeville) Date: Mon, 16 May 2022 13:16:28 -0600 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: Message-ID: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> > On May 16, 2022, at 12:42 PM, heasley wrote: > > Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: >> Hello, >> >> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. >> >> We have a config with a group section like this: >> >> group = netadmin { >> default service = permit >> acl = hgl >> service = exec { >> priv-lvl = 15 >> } >> } >> >> When we start the tac_plus process, we get this reported by systemd: >> >> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected >> >> Line 22 is "default service = permit" >> >> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. > > Your syntax looks correct. I expect that you either have unprintable > characters on line 22 or there is an error on a preceding line that is > trickling down to line 22. > Is it the config file it's complaining about, or the init.d script? Can you include "cat -n /etc/rc.d/init.d/tac_plus"? From elliot.johnson at hayley-group.co.uk Mon May 16 19:41:36 2022 From: elliot.johnson at hayley-group.co.uk (Elliot Johnson) Date: Mon, 16 May 2022 19:41:36 +0000 Subject: [tac_plus] Please help with tac_plus In-Reply-To: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> References: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> Message-ID: Hey, thanks for the response ? I have already tried deleting the line and retyping to weed out any odd characters, but no luck. This is the cat output: [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus 1 #!/bin/bash 2 # 3 # description: Cisco's tacacs+ access, authorization, and accounting server. 4 # chkconfig: 345 15 85 5 # 6 ### BEGIN INIT INFO 7 # Provides: tacacs tacacs+ tac_plus 8 # Required-Start: $network 9 # Required-Stop: $network 10 # Default-Start: 3 4 5 11 # Short-Description: TACACS+ server based on Cisco source release 12 # Description: Starts and stops tac_plus TACACS+ server 13 ### END INIT INFO 14 15 # Source function library. 16 . /etc/rc.d/init.d/functions 17 18 # Source networking configuration. 19 . /etc/sysconfig/network 20 21 # Check that networking is up. 22 [ ${NETWORKING} = "no" ] && exit 0 23 24 CONFIG=/etc/tac_plus.conf 25 26 [ -f $CONFIG ] || exit 1 27 28 [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus 29 30 # See how we were called. 31 case "$1" in 32 start) 33 # Start daemons. 34 echo -n "Starting tacacs+: " 35 daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l $LOGFILE} ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL} 36 RETVAL=$? 37 echo 38 [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus 39 ;; 40 stop) 41 # Stop daemons. 42 echo -n "Shutting down tacacs+: " 43 killproc tac_plus 44 RETVAL=$? 45 echo 46 [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus 47 ;; 48 status) 49 status tac_plus 50 exit $? 51 ;; 52 restart) 53 $0 stop 54 $0 start 55 exit $? 56 ;; 57 reload) 58 kill -USR1 `cat /var/run/tac_plus.pid` 59 ;; 60 *) 61 echo "Usage: tacacs {start|stop|status|restart|reload}" 62 exit 1 63 esac 64 exit $RETVAL [root at g000063 ejohnson]# Elliot Johnson - Infrastructure Manager - Group IT Hayley Group Limited Shelah Road, Halesowen, West Midlands, B63 3PG, England [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk ________________________________ From: Philip Prindeville Sent: 16 May 2022 20:16 To: heasley Cc: Elliot Johnson ; tac_plus at shrubbery.net Subject: Re: [tac_plus] Please help with tac_plus > On May 16, 2022, at 12:42 PM, heasley wrote: > > Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: >> Hello, >> >> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. >> >> We have a config with a group section like this: >> >> group = netadmin { >> default service = permit >> acl = hgl >> service = exec { >> priv-lvl = 15 >> } >> } >> >> When we start the tac_plus process, we get this reported by systemd: >> >> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected >> >> Line 22 is "default service = permit" >> >> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. > > Your syntax looks correct. I expect that you either have unprintable > characters on line 22 or there is an error on a preceding line that is > trickling down to line 22. > Is it the config file it's complaining about, or the init.d script? Can you include "cat -n /etc/rc.d/init.d/tac_plus"? Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within. -------------- next part -------------- An HTML attachment was scrubbed... URL: From elliot.johnson at hayley-group.co.uk Mon May 16 19:58:17 2022 From: elliot.johnson at hayley-group.co.uk (Elliot Johnson) Date: Mon, 16 May 2022 19:58:17 +0000 Subject: [tac_plus] Please help with tac_plus In-Reply-To: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> References: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> Message-ID: I changed the line 22 in the init script from: [ ${NETWORKING} = "no" ] && exit 0 to [[ ${NETWORKING} = "no" ]] && exit 0 and it seems to be behaving now. Thanks for pointing out the script that it was actually referring to ? Cheers all Elliot ________________________________ From: Philip Prindeville Sent: 16 May 2022 20:16 To: heasley Cc: Elliot Johnson ; tac_plus at shrubbery.net Subject: Re: [tac_plus] Please help with tac_plus > On May 16, 2022, at 12:42 PM, heasley wrote: > > Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: >> Hello, >> >> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. >> >> We have a config with a group section like this: >> >> group = netadmin { >> default service = permit >> acl = hgl >> service = exec { >> priv-lvl = 15 >> } >> } >> >> When we start the tac_plus process, we get this reported by systemd: >> >> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected >> >> Line 22 is "default service = permit" >> >> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. > > Your syntax looks correct. I expect that you either have unprintable > characters on line 22 or there is an error on a preceding line that is > trickling down to line 22. > Is it the config file it's complaining about, or the init.d script? Can you include "cat -n /etc/rc.d/init.d/tac_plus"? Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bferrell at baywinds.org Mon May 16 20:13:41 2022 From: bferrell at baywinds.org (Bruce Ferrell) Date: Mon, 16 May 2022 13:13:41 -0700 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: Message-ID: <1f04532c-00c2-282b-cd9f-42774399370b@baywinds.org> On 5/16/22 11:42 AM, heasley wrote: > Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: >> Hello, >> >> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. >> >> We have a config with a group section like this: >> >> group = netadmin { >> default service = permit >> acl = hgl >> service = exec { >> priv-lvl = 15 >> } >> } >> >> When we start the tac_plus process, we get this reported by systemd: >> >> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected >> >> Line 22 is "default service = permit" >> >> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. > Your syntax looks correct. I expect that you either have unprintable > characters on line 22 or there is an error on a preceding line that is > trickling down to line 22. Are you sure about this one: default service = permit In the example config, I have this: acl = default { #permit = 192\.168\.0\. permit = 192\.168\.2\.1 } group = admin { # group members who don't have their own login password will be # looked up in /etc/passwd #login = file /etc/passwd login = PAM # group members who have no expiry date set will use this one #expires = "Jan 1 1997" # only allow access to specific routers acl = default # Needed for the router to make commands available to user (subject # to authorization if so configured on the router service = exec { priv-lvl = 15 #default service = permit } when I uncomment the line, I get this error: Error expecting 'string' but found 'default' on line 37 Every other place I see permit in the example config, it's on the left side of the equal sign. From bferrell at baywinds.org Mon May 16 21:00:46 2022 From: bferrell at baywinds.org (Bruce Ferrell) Date: Mon, 16 May 2022 14:00:46 -0700 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> Message-ID: On 5/16/22 12:41 PM, Elliot Johnson wrote: > Hey, thanks for the response ? > > I have already tried deleting the line and retyping to weed out any odd characters, but no luck. > > This is the cat output: > > [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus > 1 #!/bin/bash > 2 # > 3 # description: Cisco's tacacs+ access, authorization, and accounting server. > 4 # chkconfig: 345 15 85 > 5 # > 6 ### BEGIN INIT INFO > 7 # Provides: tacacs tacacs+ tac_plus > 8 # Required-Start: $network > 9 # Required-Stop: $network > 10 # Default-Start: 3 4 5 > 11 # Short-Description: TACACS+ server based on Cisco source release > 12 # Description: Starts and stops tac_plus TACACS+ server > 13 ### END INIT INFO > 14 > 15 # Source function library. > 16 . /etc/rc.d/init.d/functions > 17 > 18 # Source networking configuration. > 19 . /etc/sysconfig/network > 20 > 21 # Check that networking is up. > 22 [ ${NETWORKING} = "no" ] && exit 0 > 23 > 24 CONFIG=/etc/tac_plus.conf > 25 > 26 [ -f $CONFIG ] || exit 1 > 27 > 28 [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus > 29 > 30 # See how we were called. > 31 case "$1" in > 32 start) > 33 # Start daemons. > 34 echo -n "Starting tacacs+: " > 35 daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l $LOGFILE} ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL} > 36 RETVAL=$? > 37 echo > 38 [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus > 39 ;; > 40 stop) > 41 # Stop daemons. > 42 echo -n "Shutting down tacacs+: " > 43 killproc tac_plus > 44 RETVAL=$? > 45 echo > 46 [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus > 47 ;; > 48 status) > 49 status tac_plus > 50 exit $? > 51 ;; > 52 restart) > 53 $0 stop > 54 $0 start > 55 exit $? > 56 ;; > 57 reload) > 58 kill -USR1 `cat /var/run/tac_plus.pid` > 59 ;; > 60 *) > 61 echo "Usage: tacacs {start|stop|status|restart|reload}" > 62 exit 1 > 63 esac > 64 exit $RETVAL > [root at g000063 ejohnson]# > > Elliot Johnson - Infrastructure Manager - Group IT > Hayley Group Limited > Shelah Road, Halesowen, West Midlands, B63 3PG, England > [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk > ________________________________ > From: Philip Prindeville > Sent: 16 May 2022 20:16 > To: heasley > Cc: Elliot Johnson ; tac_plus at shrubbery.net > Subject: Re: [tac_plus] Please help with tac_plus > > > >> On May 16, 2022, at 12:42 PM, heasley wrote: >> >> Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: >>> Hello, >>> >>> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. >>> >>> We have a config with a group section like this: >>> >>> group = netadmin { >>> default service = permit >>> acl = hgl >>> service = exec { >>> priv-lvl = 15 >>> } >>> } >>> >>> When we start the tac_plus process, we get this reported by systemd: >>> >>> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected >>> >>> Line 22 is "default service = permit" >>> >>> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. >> Your syntax looks correct. I expect that you either have unprintable >> characters on line 22 or there is an error on a preceding line that is >> trickling down to line 22. >> > > Is it the config file it's complaining about, or the init.d script? Can you include "cat -n /etc/rc.d/init.d/tac_plus"? > > > > Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > _______________________________________________ > tac_plus mailing list > tac_plus at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/tac_plus The error is clearly the file ?? ? /etc/tac_plus.conf that is being complained about. I think that the line is incorrect, just in general because it's commented out in the example distributed with the code. From john at op-sec.us Mon May 16 21:35:15 2022 From: john at op-sec.us (John Fraizer) Date: Mon, 16 May 2022 17:35:15 -0400 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> Message-ID: It?s the config, not the init script. On Mon, May 16, 2022 at 3:41 PM Elliot Johnson < elliot.johnson at hayley-group.co.uk> wrote: > Hey, thanks for the response ? > > I have already tried deleting the line and retyping to weed out any odd > characters, but no luck. > > This is the cat output: > > [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus > 1 #!/bin/bash > 2 # > 3 # description: Cisco's tacacs+ access, authorization, and > accounting server. > 4 # chkconfig: 345 15 85 > 5 # > 6 ### BEGIN INIT INFO > 7 # Provides: tacacs tacacs+ tac_plus > 8 # Required-Start: $network > 9 # Required-Stop: $network > 10 # Default-Start: 3 4 5 > 11 # Short-Description: TACACS+ server based on Cisco source release > 12 # Description: Starts and stops tac_plus TACACS+ server > 13 ### END INIT INFO > 14 > 15 # Source function library. > 16 . /etc/rc.d/init.d/functions > 17 > 18 # Source networking configuration. > 19 . /etc/sysconfig/network > 20 > 21 # Check that networking is up. > 22 [ ${NETWORKING} = "no" ] && exit 0 > 23 > 24 CONFIG=/etc/tac_plus.conf > 25 > 26 [ -f $CONFIG ] || exit 1 > 27 > 28 [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus > 29 > 30 # See how we were called. > 31 case "$1" in > 32 start) > 33 # Start daemons. > 34 echo -n "Starting tacacs+: " > 35 daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l > $LOGFILE} ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL} > 36 RETVAL=$? > 37 echo > 38 [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus > 39 ;; > 40 stop) > 41 # Stop daemons. > 42 echo -n "Shutting down tacacs+: " > 43 killproc tac_plus > 44 RETVAL=$? > 45 echo > 46 [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus > 47 ;; > 48 status) > 49 status tac_plus > 50 exit $? > 51 ;; > 52 restart) > 53 $0 stop > 54 $0 start > 55 exit $? > 56 ;; > 57 reload) > 58 kill -USR1 `cat /var/run/tac_plus.pid` > 59 ;; > 60 *) > 61 echo "Usage: tacacs {start|stop|status|restart|reload}" > 62 exit 1 > 63 esac > 64 exit $RETVAL > [root at g000063 ejohnson]# > > Elliot Johnson - Infrastructure Manager - Group IT > Hayley Group Limited > Shelah Road, Halesowen, West Midlands, B63 3PG, England > [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk > > ________________________________ > From: Philip Prindeville > Sent: 16 May 2022 20:16 > To: heasley > Cc: Elliot Johnson ; > tac_plus at shrubbery.net > Subject: Re: [tac_plus] Please help with tac_plus > > > > > On May 16, 2022, at 12:42 PM, heasley wrote: > > > > Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: > >> Hello, > >> > >> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. > >> > >> We have a config with a group section like this: > >> > >> group = netadmin { > >> default service = permit > >> acl = hgl > >> service = exec { > >> priv-lvl = 15 > >> } > >> } > >> > >> When we start the tac_plus process, we get this reported by systemd: > >> > >> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: > line 22: [: =: unary operator expected > >> > >> Line 22 is "default service = permit" > >> > >> What is the syntax we should use for this config entry? All the online > guides only suggest what we have already put. > > > > Your syntax looks correct. I expect that you either have unprintable > > characters on line 22 or there is an error on a preceding line that is > > trickling down to line 22. > > > > > Is it the config file it's complaining about, or the init.d script? Can > you include "cat -n /etc/rc.d/init.d/tac_plus"? > > > > Company No: 1257303 VAT No: GB 292 0546 04 The information contained in > this e-mail is intended only for the person or entity to which it is > addressed and may contain confidential and/or privileged material. If you > are not the intended recipient of this e-mail, the use of this information > or any disclosure, copying or distribution is strictly prohibited and may > be unlawful. If you received this e-mail in error, please contact the > sender immediately and delete the material from any computer. The views > expressed in this e-mail may not necessarily be the views of Hayley Group > Limited and should not be taken as authority to carry out any instruction > contained within. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://www.shrubbery.net/pipermail/tac_plus/attachments/20220516/8d88198a/attachment.htm > > > _______________________________________________ > tac_plus mailing list > tac_plus at www.shrubbery.net > https://www.shrubbery.net/mailman/listinfo/tac_plus > -- -- John Fraizer LinkedIn profile: http://www.linkedin.com/in/johnfraizer/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From bferrell at baywinds.org Mon May 16 21:59:50 2022 From: bferrell at baywinds.org (Bruce Ferrell) Date: Mon, 16 May 2022 14:59:50 -0700 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> Message-ID: <315d6ee0-0fc8-0115-b339-68e7772034de@baywinds.org> I finally got "stupid" and checked the man page for tac_plus.conf: ?Note: if used, must precede? all? other ????????????? directives in a clause. so THIS: user = joe { ??????? default service = permit ??????? login = PAM ??????? #member = sysadmin ??????? member = admin } is a valid use of "default service".? For the record, I put it into the stanza after the line login = PAM and got another error On 5/16/22 2:35 PM, John Fraizer wrote: > It?s the config, not the init script. > > On Mon, May 16, 2022 at 3:41 PM Elliot Johnson < > elliot.johnson at hayley-group.co.uk> wrote: > >> Hey, thanks for the response ? >> >> I have already tried deleting the line and retyping to weed out any odd >> characters, but no luck. >> >> This is the cat output: >> >> [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus >> 1 #!/bin/bash >> 2 # >> 3 # description: Cisco's tacacs+ access, authorization, and >> accounting server. >> 4 # chkconfig: 345 15 85 >> 5 # >> 6 ### BEGIN INIT INFO >> 7 # Provides: tacacs tacacs+ tac_plus >> 8 # Required-Start: $network >> 9 # Required-Stop: $network >> 10 # Default-Start: 3 4 5 >> 11 # Short-Description: TACACS+ server based on Cisco source release >> 12 # Description: Starts and stops tac_plus TACACS+ server >> 13 ### END INIT INFO >> 14 >> 15 # Source function library. >> 16 . /etc/rc.d/init.d/functions >> 17 >> 18 # Source networking configuration. >> 19 . /etc/sysconfig/network >> 20 >> 21 # Check that networking is up. >> 22 [ ${NETWORKING} = "no" ] && exit 0 >> 23 >> 24 CONFIG=/etc/tac_plus.conf >> 25 >> 26 [ -f $CONFIG ] || exit 1 >> 27 >> 28 [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus >> 29 >> 30 # See how we were called. >> 31 case "$1" in >> 32 start) >> 33 # Start daemons. >> 34 echo -n "Starting tacacs+: " >> 35 daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l >> $LOGFILE} ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL} >> 36 RETVAL=$? >> 37 echo >> 38 [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus >> 39 ;; >> 40 stop) >> 41 # Stop daemons. >> 42 echo -n "Shutting down tacacs+: " >> 43 killproc tac_plus >> 44 RETVAL=$? >> 45 echo >> 46 [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus >> 47 ;; >> 48 status) >> 49 status tac_plus >> 50 exit $? >> 51 ;; >> 52 restart) >> 53 $0 stop >> 54 $0 start >> 55 exit $? >> 56 ;; >> 57 reload) >> 58 kill -USR1 `cat /var/run/tac_plus.pid` >> 59 ;; >> 60 *) >> 61 echo "Usage: tacacs {start|stop|status|restart|reload}" >> 62 exit 1 >> 63 esac >> 64 exit $RETVAL >> [root at g000063 ejohnson]# >> >> Elliot Johnson - Infrastructure Manager - Group IT >> Hayley Group Limited >> Shelah Road, Halesowen, West Midlands, B63 3PG, England >> [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk >> >> ________________________________ >> From: Philip Prindeville >> Sent: 16 May 2022 20:16 >> To: heasley >> Cc: Elliot Johnson ; >> tac_plus at shrubbery.net >> Subject: Re: [tac_plus] Please help with tac_plus >> >> >> >>> On May 16, 2022, at 12:42 PM, heasley wrote: >>> >>> Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: >>>> Hello, >>>> >>>> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. >>>> >>>> We have a config with a group section like this: >>>> >>>> group = netadmin { >>>> default service = permit >>>> acl = hgl >>>> service = exec { >>>> priv-lvl = 15 >>>> } >>>> } >>>> >>>> When we start the tac_plus process, we get this reported by systemd: >>>> >>>> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: >> line 22: [: =: unary operator expected >>>> Line 22 is "default service = permit" >>>> >>>> What is the syntax we should use for this config entry? All the online >> guides only suggest what we have already put. >>> Your syntax looks correct. I expect that you either have unprintable >>> characters on line 22 or there is an error on a preceding line that is >>> trickling down to line 22. >>> >> >> Is it the config file it's complaining about, or the init.d script? Can >> you include "cat -n /etc/rc.d/init.d/tac_plus"? >> >> >> >> Company No: 1257303 VAT No: GB 292 0546 04 The information contained in >> this e-mail is intended only for the person or entity to which it is >> addressed and may contain confidential and/or privileged material. If you >> are not the intended recipient of this e-mail, the use of this information >> or any disclosure, copying or distribution is strictly prohibited and may >> be unlawful. If you received this e-mail in error, please contact the >> sender immediately and delete the material from any computer. The views >> expressed in this e-mail may not necessarily be the views of Hayley Group >> Limited and should not be taken as authority to carry out any instruction >> contained within. >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: < >> http://www.shrubbery.net/pipermail/tac_plus/attachments/20220516/8d88198a/attachment.htm >> _______________________________________________ >> tac_plus mailing list >> tac_plus at www.shrubbery.net >> https://www.shrubbery.net/mailman/listinfo/tac_plus >> From philipp_subx at redfish-solutions.com Mon May 16 22:16:28 2022 From: philipp_subx at redfish-solutions.com (Philip Prindeville) Date: Mon, 16 May 2022 16:16:28 -0600 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> Message-ID: <317075AE-1A4D-48E6-AB94-CD1AE17D2346@redfish-solutions.com> Actually, you don't need "[[" as it's a bashism. I'd try: [ "${NETWORKING}" = "no"] && exit 0 instead. > On May 16, 2022, at 1:58 PM, Elliot Johnson wrote: > > I changed the line 22 in the init script from: > > [ ${NETWORKING} = "no" ] && exit 0 > to > [[ ${NETWORKING} = "no" ]] && exit 0 > > and it seems to be behaving now. > > Thanks for pointing out the script that it was actually referring to ? > > Cheers all > > Elliot > From: Philip Prindeville > Sent: 16 May 2022 20:16 > To: heasley > Cc: Elliot Johnson ; tac_plus at shrubbery.net > Subject: Re: [tac_plus] Please help with tac_plus > > > > > On May 16, 2022, at 12:42 PM, heasley wrote: > > > > Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: > >> Hello, > >> > >> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. > >> > >> We have a config with a group section like this: > >> > >> group = netadmin { > >> default service = permit > >> acl = hgl > >> service = exec { > >> priv-lvl = 15 > >> } > >> } > >> > >> When we start the tac_plus process, we get this reported by systemd: > >> > >> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected > >> > >> Line 22 is "default service = permit" > >> > >> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. > > > > Your syntax looks correct. I expect that you either have unprintable > > characters on line 22 or there is an error on a preceding line that is > > trickling down to line 22. > > > > > Is it the config file it's complaining about, or the init.d script? Can you include "cat -n /etc/rc.d/init.d/tac_plus"? > > > > Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within. From philipp at redfish-solutions.com Mon May 16 22:20:32 2022 From: philipp at redfish-solutions.com (Philip Prindeville) Date: Mon, 16 May 2022 16:20:32 -0600 Subject: [tac_plus] Please help with tac_plus In-Reply-To: References: <69497E67-1FF4-41B2-8855-9AA25BBA0EEC@redfish-solutions.com> Message-ID: <4FB87FF2-ACF4-4026-A116-BDED2543016A@redfish-solutions.com> > On May 16, 2022, at 3:00 PM, Bruce Ferrell wrote: > > On 5/16/22 12:41 PM, Elliot Johnson wrote: > >> Hey, thanks for the response ? >> >> I have already tried deleting the line and retyping to weed out any odd characters, but no luck. >> >> This is the cat output: >> >> [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus >> 1 #!/bin/bash >> 2 # >> 3 # description: Cisco's tacacs+ access, authorization, and accounting server. >> 4 # chkconfig: 345 15 85 >> 5 # >> 6 ### BEGIN INIT INFO >> 7 # Provides: tacacs tacacs+ tac_plus >> 8 # Required-Start: $network >> 9 # Required-Stop: $network >> 10 # Default-Start: 3 4 5 >> 11 # Short-Description: TACACS+ server based on Cisco source release >> 12 # Description: Starts and stops tac_plus TACACS+ server >> 13 ### END INIT INFO >> 14 >> 15 # Source function library. >> 16 . /etc/rc.d/init.d/functions >> 17 >> 18 # Source networking configuration. >> 19 . /etc/sysconfig/network You're inheriting $NETWORKING here... It should be "yes" or "no". >> 20 >> 21 # Check that networking is up. >> 22 [ ${NETWORKING} = "no" ] && exit 0 Put quotes around "${NETWORKING}" instead. -Philip >> 23 >> 24 CONFIG=/etc/tac_plus.conf >> 25 >> 26 [ -f $CONFIG ] || exit 1 >> 27 >> 28 [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus >> 29 >> 30 # See how we were called. >> 31 case "$1" in >> 32 start) >> 33 # Start daemons. >> 34 echo -n "Starting tacacs+: " >> 35 daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l $LOGFILE} ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL} >> 36 RETVAL=$? >> 37 echo >> 38 [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus >> 39 ;; >> 40 stop) >> 41 # Stop daemons. >> 42 echo -n "Shutting down tacacs+: " >> 43 killproc tac_plus >> 44 RETVAL=$? >> 45 echo >> 46 [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus >> 47 ;; >> 48 status) >> 49 status tac_plus >> 50 exit $? >> 51 ;; >> 52 restart) >> 53 $0 stop >> 54 $0 start >> 55 exit $? >> 56 ;; >> 57 reload) >> 58 kill -USR1 `cat /var/run/tac_plus.pid` >> 59 ;; >> 60 *) >> 61 echo "Usage: tacacs {start|stop|status|restart|reload}" >> 62 exit 1 >> 63 esac >> 64 exit $RETVAL >> [root at g000063 ejohnson]# >> >> Elliot Johnson - Infrastructure Manager - Group IT >> Hayley Group Limited >> Shelah Road, Halesowen, West Midlands, B63 3PG, England >> [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk >> ________________________________ >> From: Philip Prindeville >> Sent: 16 May 2022 20:16 >> To: heasley >> Cc: Elliot Johnson ; tac_plus at shrubbery.net >> Subject: Re: [tac_plus] Please help with tac_plus >> >> >> >>> On May 16, 2022, at 12:42 PM, heasley wrote: >>> >>> Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson: >>>> Hello, >>>> >>>> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box. >>>> >>>> We have a config with a group section like this: >>>> >>>> group = netadmin { >>>> default service = permit >>>> acl = hgl >>>> service = exec { >>>> priv-lvl = 15 >>>> } >>>> } >>>> >>>> When we start the tac_plus process, we get this reported by systemd: >>>> >>>> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected >>>> >>>> Line 22 is "default service = permit" >>>> >>>> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put. >>> Your syntax looks correct. I expect that you either have unprintable >>> characters on line 22 or there is an error on a preceding line that is >>> trickling down to line 22. >>> >> >> Is it the config file it's complaining about, or the init.d script? Can you include "cat -n /etc/rc.d/init.d/tac_plus"? >> >> >> >> Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within. >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: >> _______________________________________________ >> tac_plus mailing list >> tac_plus at www.shrubbery.net >> https://www.shrubbery.net/mailman/listinfo/tac_plus > > The error is clearly the file > > /etc/tac_plus.conf > > that is being complained about. > > I think that the line is incorrect, just in general because it's commented out in the example distributed with the code. >