[tac_plus] Please help with tac_plus

Bruce Ferrell bferrell at baywinds.org
Mon May 16 21:00:46 UTC 2022 

On 5/16/22 12:41 PM, Elliot Johnson wrote:

> Hey, thanks for the response 🙂
>
> I have already tried deleting the line and retyping to weed out any odd characters, but no luck.
>
> This is the cat output:
>
> [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus
>       1  #!/bin/bash
>       2  #
>       3  # description: Cisco's tacacs+ access, authorization, and accounting server.
>       4  # chkconfig: 345 15 85
>       5  #
>       6  ### BEGIN INIT INFO
>       7  # Provides: tacacs tacacs+ tac_plus
>       8  # Required-Start: $network
>       9  # Required-Stop: $network
>      10  # Default-Start: 3 4 5
>      11  # Short-Description: TACACS+ server based on Cisco source release
>      12  # Description: Starts and stops tac_plus TACACS+ server
>      13  ### END INIT INFO
>      14
>      15  # Source function library.
>      16  . /etc/rc.d/init.d/functions
>      17
>      18  # Source networking configuration.
>      19  . /etc/sysconfig/network
>      20
>      21  # Check that networking is up.
>      22  [ ${NETWORKING} = "no" ] && exit 0
>      23
>      24  CONFIG=/etc/tac_plus.conf
>      25
>      26  [ -f $CONFIG ] || exit 1
>      27
>      28  [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus
>      29
>      30  # See how we were called.
>      31  case "$1" in
>      32    start)
>      33          # Start daemons.
>      34          echo -n "Starting tacacs+: "
>      35          daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l $LOGFILE}  ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL}
>      36          RETVAL=$?
>      37          echo
>      38          [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus
>      39          ;;
>      40    stop)
>      41          # Stop daemons.
>      42          echo -n "Shutting down tacacs+: "
>      43          killproc tac_plus
>      44          RETVAL=$?
>      45          echo
>      46          [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus
>      47          ;;
>      48    status)
>      49          status tac_plus
>      50          exit $?
>      51          ;;
>      52    restart)
>      53          $0 stop
>      54          $0 start
>      55          exit $?
>      56          ;;
>      57    reload)
>      58          kill -USR1 `cat /var/run/tac_plus.pid`
>      59          ;;
>      60    *)
>      61          echo "Usage: tacacs {start|stop|status|restart|reload}"
>      62          exit 1
>      63  esac
>      64  exit $RETVAL
> [root at g000063 ejohnson]#
>
> Elliot Johnson - Infrastructure Manager - Group IT
> Hayley Group Limited
> Shelah Road, Halesowen, West Midlands, B63 3PG, England
> [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk<mailto:elliot.johnson at hayley-group.co.uk>
> ________________________________
> From: Philip Prindeville <philipp_subx at redfish-solutions.com>
> Sent: 16 May 2022 20:16
> To: heasley <heas at shrubbery.net>
> Cc: Elliot Johnson <elliot.johnson at hayley-group.co.uk>; tac_plus at shrubbery.net <tac_plus at shrubbery.net>
> Subject: Re: [tac_plus] Please help with tac_plus
>
>
>
>> On May 16, 2022, at 12:42 PM, heasley <heas at shrubbery.net> wrote:
>>
>> Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson:
>>> Hello,
>>>
>>> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box.
>>>
>>> We have a config with a group section like this:
>>>
>>> group = netadmin {
>>>     default service = permit
>>>     acl             = hgl
>>>     service         = exec {
>>>                         priv-lvl = 15
>>>                       }
>>> }
>>>
>>> When we start the tac_plus process, we get this reported by systemd:
>>>
>>> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected
>>>
>>> Line 22 is "default service = permit"
>>>
>>> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put.
>> Your syntax looks correct.  I expect that you either have unprintable
>> characters on line 22 or there is an error on a preceding line that is
>> trickling down to line 22.
>>
>
> Is it the config file it's complaining about, or the init.d script?  Can you include "cat -n /etc/rc.d/init.d/tac_plus"?
>
>
>
> Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20220516/8d88198a/attachment.htm>
> _______________________________________________
> tac_plus mailing list
> tac_plus at www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/tac_plus

The error is clearly the file

      /etc/tac_plus.conf

that is being complained about.

I think that the line is incorrect, just in general because it's 
commented out in the example distributed with the code.

More information about the tac_plus mailing list