[tac_plus] Please help with tac_plus
Bruce Ferrell
bferrell at baywinds.org
Mon May 16 21:59:50 UTC 2022
I finally got "stupid" and checked the man page for tac_plus.conf:
Note: if used, <default service> must precede all other <svc>
directives in a <user> clause.
so THIS:
user = joe {
    default service = permit
    login = PAM
    #member = sysadmin
    member = admin
}
is a valid use of "default service". For the record, I put it into the
stanza after the line
login = PAM
and got another error
On 5/16/22 2:35 PM, John Fraizer wrote:
> It’s the config, not the init script.
>
> On Mon, May 16, 2022 at 3:41 PM Elliot Johnson <
> elliot.johnson at hayley-group.co.uk> wrote:
>
>> Hey, thanks for the response 🙂
>>
>> I have already tried deleting the line and retyping to weed out any odd
>> characters, but no luck.
>>
>> This is the cat output:
>>
>> [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus
>> 1 #!/bin/bash
>> 2 #
>> 3 # description: Cisco's tacacs+ access, authorization, and
>> accounting server.
>> 4 # chkconfig: 345 15 85
>> 5 #
>> 6 ### BEGIN INIT INFO
>> 7 # Provides: tacacs tacacs+ tac_plus
>> 8 # Required-Start: $network
>> 9 # Required-Stop: $network
>> 10 # Default-Start: 3 4 5
>> 11 # Short-Description: TACACS+ server based on Cisco source release
>> 12 # Description: Starts and stops tac_plus TACACS+ server
>> 13 ### END INIT INFO
>> 14
>> 15 # Source function library.
>> 16 . /etc/rc.d/init.d/functions
>> 17
>> 18 # Source networking configuration.
>> 19 . /etc/sysconfig/network
>> 20
>> 21 # Check that networking is up.
>> 22 [ ${NETWORKING} = "no" ] && exit 0
>> 23
>> 24 CONFIG=/etc/tac_plus.conf
>> 25
>> 26 [ -f $CONFIG ] || exit 1
>> 27
>> 28 [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus
>> 29
>> 30 # See how we were called.
>> 31 case "$1" in
>> 32 start)
>> 33 # Start daemons.
>> 34 echo -n "Starting tacacs+: "
>> 35 daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l
>> $LOGFILE} ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL}
>> 36 RETVAL=$?
>> 37 echo
>> 38 [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus
>> 39 ;;
>> 40 stop)
>> 41 # Stop daemons.
>> 42 echo -n "Shutting down tacacs+: "
>> 43 killproc tac_plus
>> 44 RETVAL=$?
>> 45 echo
>> 46 [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus
>> 47 ;;
>> 48 status)
>> 49 status tac_plus
>> 50 exit $?
>> 51 ;;
>> 52 restart)
>> 53 $0 stop
>> 54 $0 start
>> 55 exit $?
>> 56 ;;
>> 57 reload)
>> 58 kill -USR1 `cat /var/run/tac_plus.pid`
>> 59 ;;
>> 60 *)
>> 61 echo "Usage: tacacs {start|stop|status|restart|reload}"
>> 62 exit 1
>> 63 esac
>> 64 exit $RETVAL
>> [root at g000063 ejohnson]#
>>
>> Elliot Johnson - Infrastructure Manager - Group IT
>> Hayley Group Limited
>> Shelah Road, Halesowen, West Midlands, B63 3PG, England
>> [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk
>> ________________________________
>> From: Philip Prindeville <philipp_subx at redfish-solutions.com>
>> Sent: 16 May 2022 20:16
>> To: heasley <heas at shrubbery.net>
>> Cc: Elliot Johnson <elliot.johnson at hayley-group.co.uk>;
>> tac_plus at shrubbery.net <tac_plus at shrubbery.net>
>> Subject: Re: [tac_plus] Please help with tac_plus
>>
>>
>>
>>> On May 16, 2022, at 12:42 PM, heasley <heas at shrubbery.net> wrote:
>>>
>>> Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson:
>>>> Hello,
>>>>
>>>> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box.
>>>>
>>>> We have a config with a group section like this:
>>>>
>>>> group = netadmin {
>>>>     default service = permit
>>>>     acl = hgl
>>>>     service = exec {
>>>>         priv-lvl = 15
>>>>     }
>>>> }
>>>>
>>>> When we start the tac_plus process, we get this reported by systemd:
>>>>
>>>> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus:
>> line 22: [: =: unary operator expected
>>>> Line 22 is "default service = permit"
>>>>
>>>> What is the syntax we should use for this config entry? All the online
>> guides only suggest what we have already put.
>>> Your syntax looks correct. I expect that you either have unprintable
>>> characters on line 22 or there is an error on a preceding line that is
>>> trickling down to line 22.
>>>
>>
>> Is it the config file it's complaining about, or the init.d script? Can
>> you include "cat -n /etc/rc.d/init.d/tac_plus"?
>>
>>
>>
>>
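
Added example, not part of any message in this thread: `[: =: unary operator expected` is the message bash prints when the left operand of a `[` test expands to nothing, which is what line 22 of the quoted init script does if `NETWORKING` is empty (an assumption; the thread does not show `/etc/sysconfig/network`). The sketch below runs that test in isolation beside a quoted form and shows that the script carries on past the error; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the init script from the thread. It reproduces the test
# from line 22 of the quoted script in isolation.
# Assumption: NETWORKING is empty or unset after /etc/sysconfig/network is sourced.

# Unquoted form, as on line 22. An empty value disappears during word
# splitting, so `[` is handed only `= no` and fails with a usage error.
unquoted_status() {
    local NETWORKING="$1" rc=0
    # shellcheck disable=SC2086  # deliberately unquoted to mirror line 22
    [ ${NETWORKING} = "no" ] 2>/dev/null || rc=$?
    echo "$rc"
}

# Quoted form with a default: `[` always receives three arguments.
quoted_status() {
    local NETWORKING="$1" rc=0
    [ "${NETWORKING:-}" = "no" ] || rc=$?
    echo "$rc"
}

# Effect on the script: `&& exit 0` runs only on status 0, so the error case
# (status 2) falls through and the script goes on to start the daemon.
line22_outcome() {
    (
        NETWORKING="$1"
        # shellcheck disable=SC2086
        [ ${NETWORKING} = "no" ] 2>/dev/null && exit 0
        echo "continues"
    )
}

# Constructed sample values: empty, a non-matching value, and "no".
for value in "" "yes" "no"; do
    printf 'NETWORKING=%-5s unquoted=%s quoted=%s line22=%s\n' \
        "'$value'" "$(unquoted_status "$value")" \
        "$(quoted_status "$value")" "$(line22_outcome "$value")"
done
```

Status 2 from `[` marks a malformed test rather than a false one, so the shell message alone does not say whether the daemon later rejected its configuration.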