[tac_plus] Please help with tac_plus

John Fraizer john at op-sec.us
Mon May 16 21:35:15 UTC 2022


It’s the config, not the init script.

On Mon, May 16, 2022 at 3:41 PM Elliot Johnson <
elliot.johnson at hayley-group.co.uk> wrote:

> Hey, thanks for the response 🙂
>
> I have already tried deleting the line and retyping to weed out any odd
> characters, but no luck.
>
> This is the cat output:
>
> [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus
>      1  #!/bin/bash
>      2  #
>      3  # description: Cisco's tacacs+ access, authorization, and
> accounting server.
>      4  # chkconfig: 345 15 85
>      5  #
>      6  ### BEGIN INIT INFO
>      7  # Provides: tacacs tacacs+ tac_plus
>      8  # Required-Start: $network
>      9  # Required-Stop: $network
>     10  # Default-Start: 3 4 5
>     11  # Short-Description: TACACS+ server based on Cisco source release
>     12  # Description: Starts and stops tac_plus TACACS+ server
>     13  ### END INIT INFO
>     14
>     15  # Source function library.
>     16  . /etc/rc.d/init.d/functions
>     17
>     18  # Source networking configuration.
>     19  . /etc/sysconfig/network
>     20
>     21  # Check that networking is up.
>     22  [ ${NETWORKING} = "no" ] && exit 0
>     23
>     24  CONFIG=/etc/tac_plus.conf
>     25
>     26  [ -f $CONFIG ] || exit 1
>     27
>     28  [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus
>     29
>     30  # See how we were called.
>     31  case "$1" in
>     32    start)
>     33          # Start daemons.
>     34          echo -n "Starting tacacs+: "
>     35          daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l
> $LOGFILE}  ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL}
>     36          RETVAL=$?
>     37          echo
>     38          [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus
>     39          ;;
>     40    stop)
>     41          # Stop daemons.
>     42          echo -n "Shutting down tacacs+: "
>     43          killproc tac_plus
>     44          RETVAL=$?
>     45          echo
>     46          [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus
>     47          ;;
>     48    status)
>     49          status tac_plus
>     50          exit $?
>     51          ;;
>     52    restart)
>     53          $0 stop
>     54          $0 start
>     55          exit $?
>     56          ;;
>     57    reload)
>     58          kill -USR1 `cat /var/run/tac_plus.pid`
>     59          ;;
>     60    *)
>     61          echo "Usage: tacacs {start|stop|status|restart|reload}"
>     62          exit 1
>     63  esac
>     64  exit $RETVAL
> [root at g000063 ejohnson]#
>
> Elliot Johnson - Infrastructure Manager - Group IT
> Hayley Group Limited
> Shelah Road, Halesowen, West Midlands, B63 3PG, England
> [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk
> <mailto:elliot.johnson at hayley-group.co.uk>
> ________________________________
> From: Philip Prindeville <philipp_subx at redfish-solutions.com>
> Sent: 16 May 2022 20:16
> To: heasley <heas at shrubbery.net>
> Cc: Elliot Johnson <elliot.johnson at hayley-group.co.uk>;
> tac_plus at shrubbery.net <tac_plus at shrubbery.net>
> Subject: Re: [tac_plus] Please help with tac_plus
>
>
>
> > On May 16, 2022, at 12:42 PM, heasley <heas at shrubbery.net> wrote:
> >
> > Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson:
> >> Hello,
> >>
> >> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box.
> >>
> >> We have a config with a group section like this:
> >>
> >> group = netadmin {
> >>    default service = permit
> >>    acl             = hgl
> >>    service         = exec {
> >>                        priv-lvl = 15
> >>                      }
> >> }
> >>
> >> When we start the tac_plus process, we get this reported by systemd:
> >>
> >> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus:
> line 22: [: =: unary operator expected
> >>
> >> Line 22 is "default service = permit"
> >>
> >> What is the syntax we should use for this config entry? All the online
> guides only suggest what we have already put.
> >
> > Your syntax looks correct.  I expect that you either have unprintable
> > characters on line 22 or there is an error on a preceding line that is
> > trickling down to line 22.
> >
>
>
> Is it the config file it's complaining about, or the init.d script?  Can
> you include "cat -n /etc/rc.d/init.d/tac_plus"?
>
>
>
> Company No: 1257303 VAT No: GB 292 0546 04 The information contained in
> this e-mail is intended only for the person or entity to which it is
> addressed and may contain confidential and/or privileged material. If you
> are not the intended recipient of this e-mail, the use of this information
> or any disclosure, copying or distribution is strictly prohibited and may
> be unlawful. If you received this e-mail in error, please contact the
> sender immediately and delete the material from any computer. The views
> expressed in this e-mail may not necessarily be the views of Hayley Group
> Limited and should not be taken as authority to carry out any instruction
> contained within.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.shrubbery.net/pipermail/tac_plus/attachments/20220516/8d88198a/attachment.htm
> >
> _______________________________________________
> tac_plus mailing list
> tac_plus at www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/tac_plus
>
-- 
--
John Fraizer
LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20220516/85195732/attachment.htm>


More information about the tac_plus mailing list