[tac_plus] Please help with tac_plus

Philip Prindeville philipp at redfish-solutions.com
Mon May 16 22:20:32 UTC 2022 


> On May 16, 2022, at 3:00 PM, Bruce Ferrell <bferrell at baywinds.org> wrote:
> 
> On 5/16/22 12:41 PM, Elliot Johnson wrote:
> 
>> Hey, thanks for the response 🙂
>> 
>> I have already tried deleting the line and retyping to weed out any odd characters, but no luck.
>> 
>> This is the cat output:
>> 
>> [root at g000063 ejohnson]# cat -n /etc/rc.d/init.d/tac_plus
>>      1  #!/bin/bash
>>      2  #
>>      3  # description: Cisco's tacacs+ access, authorization, and accounting server.
>>      4  # chkconfig: 345 15 85
>>      5  #
>>      6  ### BEGIN INIT INFO
>>      7  # Provides: tacacs tacacs+ tac_plus
>>      8  # Required-Start: $network
>>      9  # Required-Stop: $network
>>     10  # Default-Start: 3 4 5
>>     11  # Short-Description: TACACS+ server based on Cisco source release
>>     12  # Description: Starts and stops tac_plus TACACS+ server
>>     13  ### END INIT INFO
>>     14
>>     15  # Source function library.
>>     16  . /etc/rc.d/init.d/functions
>>     17
>>     18  # Source networking configuration.
>>     19  . /etc/sysconfig/network


You're inheriting $NETWORKING here...  It should be "yes" or "no".


>>     20
>>     21  # Check that networking is up.
>>     22  [ ${NETWORKING} = "no" ] && exit 0


Put quotes around "${NETWORKING}" instead.

-Philip



>>     23
>>     24  CONFIG=/etc/tac_plus.conf
>>     25
>>     26  [ -f $CONFIG ] || exit 1
>>     27
>>     28  [ -r /etc/sysconfig/tac_plus ] && . /etc/sysconfig/tac_plus
>>     29
>>     30  # See how we were called.
>>     31  case "$1" in
>>     32    start)
>>     33          # Start daemons.
>>     34          echo -n "Starting tacacs+: "
>>     35          daemon /usr/bin/tac_plus -C $CONFIG ${LOGFILE:+-l $LOGFILE}  ${WHOLOG:+-w $WHOLOG} ${DEBUG_LEVEL:+-d $DEBUG_LEVEL}
>>     36          RETVAL=$?
>>     37          echo
>>     38          [ $RETVAL == 0 ] && touch /var/lock/subsys/tac_plus
>>     39          ;;
>>     40    stop)
>>     41          # Stop daemons.
>>     42          echo -n "Shutting down tacacs+: "
>>     43          killproc tac_plus
>>     44          RETVAL=$?
>>     45          echo
>>     46          [ $RETVAL == 0 ] && rm -f /var/lock/subsys/tac_plus
>>     47          ;;
>>     48    status)
>>     49          status tac_plus
>>     50          exit $?
>>     51          ;;
>>     52    restart)
>>     53          $0 stop
>>     54          $0 start
>>     55          exit $?
>>     56          ;;
>>     57    reload)
>>     58          kill -USR1 `cat /var/run/tac_plus.pid`
>>     59          ;;
>>     60    *)
>>     61          echo "Usage: tacacs {start|stop|status|restart|reload}"
>>     62          exit 1
>>     63  esac
>>     64  exit $RETVAL
>> [root at g000063 ejohnson]#
>> 
>> Elliot Johnson - Infrastructure Manager - Group IT
>> Hayley Group Limited
>> Shelah Road, Halesowen, West Midlands, B63 3PG, England
>> [Tel] +44 (0)121 585 5334 | [Email] elliot.johnson at hayley-group.co.uk<mailto:elliot.johnson at hayley-group.co.uk>
>> ________________________________
>> From: Philip Prindeville <philipp_subx at redfish-solutions.com>
>> Sent: 16 May 2022 20:16
>> To: heasley <heas at shrubbery.net>
>> Cc: Elliot Johnson <elliot.johnson at hayley-group.co.uk>; tac_plus at shrubbery.net <tac_plus at shrubbery.net>
>> Subject: Re: [tac_plus] Please help with tac_plus
>> 
>> 
>> 
>>> On May 16, 2022, at 12:42 PM, heasley <heas at shrubbery.net> wrote:
>>> 
>>> Mon, May 16, 2022 at 05:27:09PM +0000, Elliot Johnson:
>>>> Hello,
>>>> 
>>>> We are trying to run tac_plus version F4.0.4.26 on a CentOS 7 box.
>>>> 
>>>> We have a config with a group section like this:
>>>> 
>>>> group = netadmin {
>>>>    default service = permit
>>>>    acl             = hgl
>>>>    service         = exec {
>>>>                        priv-lvl = 15
>>>>                      }
>>>> }
>>>> 
>>>> When we start the tac_plus process, we get this reported by systemd:
>>>> 
>>>> May 16 18:23:06 g000063 tac_plus[19305]: /etc/rc.d/init.d/tac_plus: line 22: [: =: unary operator expected
>>>> 
>>>> Line 22 is "default service = permit"
>>>> 
>>>> What is the syntax we should use for this config entry? All the online guides only suggest what we have already put.
>>> Your syntax looks correct.  I expect that you either have unprintable
>>> characters on line 22 or there is an error on a preceding line that is
>>> trickling down to line 22.
>>> 
>> 
>> Is it the config file it's complaining about, or the init.d script?  Can you include "cat -n /etc/rc.d/init.d/tac_plus"?
>> 
>> 
>> 
>> Company No: 1257303 VAT No: GB 292 0546 04 The information contained in this e-mail is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, the use of this information or any disclosure, copying or distribution is strictly prohibited and may be unlawful. If you received this e-mail in error, please contact the sender immediately and delete the material from any computer. The views expressed in this e-mail may not necessarily be the views of Hayley Group Limited and should not be taken as authority to carry out any instruction contained within.
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20220516/8d88198a/attachment.htm>
>> _______________________________________________
>> tac_plus mailing list
>> tac_plus at www.shrubbery.net
>> https://www.shrubbery.net/mailman/listinfo/tac_plus
> 
> The error is clearly the file
> 
>      /etc/tac_plus.conf
> 
> that is being complained about.
> 
> I think that the line is incorrect, just in general because it's commented out in the example distributed with the code.
>

More information about the tac_plus mailing list