[tac_plus] Please help with tac_plus
Bruce Ferrell
bferrell at baywinds.org
Mon May 16 20:13:41 UTC 2022
On 5/16/22 11:42 AM, heasley wrote:
> Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson:
>> Hello,
>>
>> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box.
>>
>> We have a config with a group section like this:
>>
>> group = netadmin {
>> default service = permit
>> acl = hgl
>> service = exec {
>> priv-lvl = 15
>> }
>> }
>>
>> When we start the tac_plus process, we get this reported by systemd:
>>
>> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected
>>
>> Line 22 is "default service = permit"
>>
>> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put.
> Your syntax looks correct. I expect that you either have unprintable
> characters on line 22 or there is an error on a preceding line that is
> trickling down to line 22.
Are you sure about this one:
default service = permit
In the example config, I have this:
acl = default {
#permit = 192\.168\.0\.
permit = 192\.168\.2\.1
}
group = admin {
# group members who don't have their own login password will be
# looked up in /etc/passwd
#login = file /etc/passwd
login = PAM
# group members who have no expiry date set will use this one
#expires = "Jan 1 1997"
# only allow access to specific routers
acl = default
# Needed for the router to make commands available to user (subject
# to authorization if so configured on the router
service = exec {
priv-lvl = 15
#default service = permit
}
when I uncomment the line, I get this error:
Error expecting 'string' but found 'default' on line 37
Every other place I see permit in the example config, it's on the left side of the equal sign.
More information about the tac_plus
mailing list