In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2024-10-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Switch configuration (take Huasan switch as an example, v7 version)
hwtacacs scheme tacacs
primary authentication 172.18.34.45
primary authorization 172.18.34.45
primary accounting 172.18.34.45
key authentication cipher $c$3$GVL2qE1HsQSyRlEI5UiDXl7Se/giCmx7fXzy
key authorization cipher $c$3$SQRKlqv25kY6zvoAtPfqkKyr42LdnT57kh7V
key accounting cipher $c$3$gklXXuVEMVLUcHFL0WX1t33g7BDhXciJRcb2
user-name-format without-domain
#
domain hwtacacs
authorization command hwtacacs-scheme tacacs
accounting command hwtacacs-scheme tacacs
authentication default hwtacacs-scheme tacacs local
authorization default hwtacacs-scheme tacacs local
accounting default hwtacacs-scheme tacacs local
#
domain default enable hwtacacs
#
line vty 0 15
command authorization
command accounting
! User Management Platform FreeIPA Installation
CentOS Linux release 7.3.1611 (Core), firewall turned off
yum install ipa-server bind bind-dyndb-ldap
echo "172.18.34.45 ipa.test.org ipa" >>/etc/hosts
ipa-server-install will automatically install all default carriage returns
https://ipa.test.org/ installation process will prompt for user name and password, default user admin
You may encounter errors.
If you encounter messagebus service error, execute the following command, and then uninstall reload.
https://bugzilla.redhat.com/show_bug.cgi? id=636876
systemctl restart messagebus
systemctl start certmonger
ipa-server-install -uninstall
ipa-server-install
log directory
tail -f /var/log/dirsrv/slapd-TEST-ORG/access
tail -f /var/log/dirsrv/slapd-TEST-ORG/errors
Set IPA:
add users
添加用户到用户组
TACACS 安装配置
yum install gcc perl-LDAP wget
wget http://www.pro-bono-publico.de/projects/src/DEVEL.201706241310.tar.bz2
tar xvfj DEVEL.201706241310.tar.bz2
cd /PROJECTS
./configure
make && make install
mkdir /var/log/tac_plus
mkdir /var/log/tac_plus/access
mkdir /var/log/tac_plus/acct
mkdir /var/log/tac_plus/authen
mkdir /var/log/tac_plus/author
chmod 760 -R /var/log/tac_plus/
cp ~/PROJECTS/tac_plus/extra/tac_plus.service /etc/systemd/system/
systemctl daemon-reload
cp ~/PROJECTS/tac_plus/extra/tac_plus.cfg-ads /usr/local/etc/tac_plus.cfg
chmod 660 /usr/local/etc/tac_plus.cfg
TACACS 配置文件
#!/usr/local/sbin/tac_plus
id = spawnd {
listen = { port = 49 }
spawn = {
instances min = 1
instances max = 10
}
background = yes
}
id = tac_plus {
access log = /var/log/tac_plus/access/%Y%m%d.log
authentication log = /var/log/tac_plus/authen/%Y%m%d.log
authorization log = /var/log/tac_plus/author/%Y%m%d.log
accounting log = /var/log/tac_plus/acct/%Y%m%d.log
mavis module = external { setenv LDAP_SERVER_TYPE = "microsoft" setenv LDAP_HOSTS = "ldap://ipa.test.org:389" setenv LDAP_SCOPE = "sub" setenv LDAP_BASE = "cn=users,cn=accounts,dc=test,dc=org" setenv LDAP_FILTER= "(uid=%s)" setenv REQUIRE_TACACS_GROUP_PREFIX = 1 setenv FLAG_USE_MEMBEROF = 1 exec = /usr/local/lib/mavis/mavis_tacplus_ldap.pl}login backend = mavisuser backend = mavispap backend = mavis skip missing groups = yes cache timeout = 21600host = world { address = ::/0 prompt = "Welcome\n" enable 15 = clear secret key = XXXX (与交换机key一致)}group = admin { default service = permit service = shell { default command = permit default attribute = permit set priv-lvl = 15 }}group = guest { default service = deny enable = deny service = shell { default command = deny default attribute = permit set priv-lvl = 1 cmd = display { deny diagnostic-information permit .* } cmd = ping { permit .* } }}
}
tacacs服务管理:
systemctl enable tac_plus
systemctl restart tac_plus
systemctl status tac_plus
tacacs日志管理:
access log = /var/log/tac_plus/access/%Y%m%d.log
authentication log = /var/log/tac_plus/authen/%Y%m%d.log
authorization log = /var/log/tac_plus/author/%Y%m%d.log
accounting log = /var/log/tac_plus/acct/%Y%m%d.log
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.