AAA authentication of network equipment

2024-05-30 Update. From: SLTechnology News&Howtos (shulou), Network Security section.



Switch configuration (H3C (Huasan) switch running Comware V7, as an example)

hwtacacs scheme tacacs
 primary authentication
 primary authorization
 primary accounting
 key authentication cipher $c$3$GVL2qE1HsQSyRlEI5UiDXl7Se/giCmx7fXzy
 key authorization cipher $c$3$SQRKlqv25kY6zvoAtPfqkKyr42LdnT57kh7V
 key accounting cipher $c$3$gklXXuVEMVLUcHFL0WX1t33g7BDhXciJRcb2
 user-name-format without-domain

domain hwtacacs
 authorization command hwtacacs-scheme tacacs
 accounting command hwtacacs-scheme tacacs
 authentication default hwtacacs-scheme tacacs local
 authorization default hwtacacs-scheme tacacs local
 accounting default hwtacacs-scheme tacacs local

domain default enable hwtacacs

line vty 0 15
 command authorization
 command accounting
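The three `key ... cipher` lines above, and the matching `key` on the TACACS+ server, are the only thing protecting the body of every TACACS+ packet on the wire. The following added example (not code from the article or from tac_plus) builds a TACACS+ header and an authentication START body and applies the body obfuscation defined in RFC 8907, section 4.5: the body is XORed with an MD5 pseudo-pad derived from the session id, the shared key, the version byte and the sequence number. It shows why the server can only recover the body when both sides hold the same key, and that this is obfuscation keyed by a shared secret rather than authenticated encryption. The session id, the key `example-shared-key` and the user/port/address values are constructed for the demonstration.

```python
"""TACACS+ header and body obfuscation per RFC 8907 (added example)."""
import hashlib
import struct

# Header constants from RFC 8907, sections 4.1 and 5.1.
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_MINOR_VER_DEFAULT = 0x0
TAC_PLUS_AUTHEN = 0x01          # authentication packet
TAC_PLUS_AUTHOR = 0x02          # authorization packet
TAC_PLUS_ACCT = 0x03            # accounting packet
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
HEADER_LEN = 12


def version_byte(minor=TAC_PLUS_MINOR_VER_DEFAULT):
    """Major version in the high nibble, minor version in the low nibble."""
    return (TAC_PLUS_MAJOR_VER << 4) | minor


def build_header(pkt_type, seq_no, session_id, body_len, flags=0):
    """12-byte header: version, type, seq_no, flags, session_id, length."""
    return struct.pack("!BBBBII", version_byte(), pkt_type, seq_no, flags,
                       session_id, body_len)


def parse_header(data):
    version, pkt_type, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", data[:HEADER_LEN])
    return {"version": version, "type": pkt_type, "seq_no": seq_no,
            "flags": flags, "session_id": session_id, "length": length}


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no);
    MD5_n = MD5(session_id, key, version, seq_no, MD5_n-1); concatenated."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, seq_no, version=None):
    """XOR the body with the pseudo-pad; the operation is its own inverse."""
    if version is None:
        version = version_byte()
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def authen_start_body(user, port, rem_addr, priv_lvl=1):
    """Authentication START body (RFC 8907, section 5.1): eight fixed bytes,
    then the variable-length user, port, rem_addr and data fields."""
    action, authen_type, authen_service = 0x01, 0x01, 0x01  # LOGIN, ASCII, LOGIN
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), b""
    fixed = bytes([action, priv_lvl, authen_type, authen_service,
                   len(u), len(p), len(r), len(d)])
    return fixed + u + p + r + d


def build_packet(body, session_id, key, seq_no, pkt_type):
    """Clear header followed by the obfuscated body."""
    return (build_header(pkt_type, seq_no, session_id, len(body))
            + obfuscate(body, session_id, key, seq_no))


def recover_body(packet, key):
    """What the receiving side does: read the clear header, undo the pad."""
    hdr = parse_header(packet)
    body = packet[HEADER_LEN:HEADER_LEN + hdr["length"]]
    return obfuscate(body, hdr["session_id"], key, hdr["seq_no"], hdr["version"])


def demo():
    """Round-trip with the right key, then attempt recovery with a wrong key."""
    session_id = 0x5EC0DE01                 # constructed
    key = b"example-shared-key"             # constructed; stands in for the real key
    body = authen_start_body("guest", "vty0", "192.0.2.10")  # constructed values
    pkt = build_packet(body, session_id, key, 1, TAC_PLUS_AUTHEN)
    return {
        "header_ok": parse_header(pkt)["length"] == len(body),
        "right_key": recover_body(pkt, key) == body,
        "wrong_key": recover_body(pkt, b"other-key") == body,
    }


if __name__ == "__main__":
    print(demo())
```

Because the pad depends only on values visible in the clear header plus the key, a key that is weak or shared too widely is the whole exposure; the header itself (type, sequence number, session id) is never obfuscated, which is also why TACACS+ deployments are normally confined to a management network or wrapped in TLS.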

User Management Platform: FreeIPA Installation

Environment: CentOS Linux release 7.3.1611 (Core), with the firewall turned off.

yum install ipa-server bind bind-dyndb-ldap

echo " ipa" >>/etc/hosts

Run ipa-server-install. Accepting the defaults (press Enter at each prompt) installs everything automatically; the installer prompts for an administrative user name and password, and the default administrative user is admin.

You may encounter errors. If the messagebus service fails, run the following commands, then uninstall and run the installation again (id=636876):

systemctl restart messagebus

systemctl start certmonger

ipa-server-install --uninstall


Log files:

tail -f /var/log/dirsrv/slapd-TEST-ORG/access

tail -f /var/log/dirsrv/slapd-TEST-ORG/errors

Set up IPA: add users.

TACACS+ Server: tac_plus Build and Installation

yum install gcc perl-LDAP wget

tar xvfj DEVEL.201706241310.tar.bz2

make && make install

mkdir /var/log/tac_plus
mkdir /var/log/tac_plus/access
mkdir /var/log/tac_plus/acct
mkdir /var/log/tac_plus/authen
mkdir /var/log/tac_plus/author
chmod -R 760 /var/log/tac_plus/

cp ~/PROJECTS/tac_plus/extra/tac_plus.service /etc/systemd/system/
systemctl daemon-reload

cp ~/PROJECTS/tac_plus/extra/tac_plus.cfg-ads /usr/local/etc/tac_plus.cfg
chmod 660 /usr/local/etc/tac_plus.cfg



Contents of /usr/local/etc/tac_plus.cfg:

id = spawnd {
    listen = { port = 49 }
    spawn = {
        instances min = 1
        instances max = 10
    }
    background = yes
}

id = tac_plus {
    access log = /var/log/tac_plus/access/%Y%m%d.log
    authentication log = /var/log/tac_plus/authen/%Y%m%d.log
    authorization log = /var/log/tac_plus/author/%Y%m%d.log
    accounting log = /var/log/tac_plus/acct/%Y%m%d.log

    # Users are looked up in the FreeIPA LDAP tree through the MAVIS external module.
    mavis module = external {
        setenv LDAP_SERVER_TYPE = "microsoft"
        setenv LDAP_HOSTS = "ldap://"
        setenv LDAP_SCOPE = "sub"
        setenv LDAP_BASE = "cn=users,cn=accounts,dc=test,dc=org"
        setenv LDAP_FILTER = "(uid=%s)"
        setenv REQUIRE_TACACS_GROUP_PREFIX = 1
        setenv FLAG_USE_MEMBEROF = 1
        exec = /usr/local/lib/mavis/
    }
    login backend = mavis
    user backend = mavis
    pap backend = mavis
    skip missing groups = yes
    cache timeout = 21600

    host = world {
        address = ::/0
        prompt = "Welcome\n"
        enable 15 = clear secret
        key = XXXX     # must be identical to the key configured on the switch
    }

    # Full privilege: every service and every command permitted.
    group = admin {
        default service = permit
        service = shell {
            default command = permit
            default attribute = permit
            set priv-lvl = 15
        }
    }

    # Read-only access: only display (except diagnostic-information) and ping.
    group = guest {
        default service = deny
        enable = deny
        service = shell {
            default command = deny
            default attribute = permit
            set priv-lvl = 1
            cmd = display {
                deny diagnostic-information
                permit .*
            }
            cmd = ping {
                permit .*
            }
        }
    }
}
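Before a command-authorization policy like the `group = admin` / `group = guest` blocks above goes live, it is worth checking offline which commands each group will actually be allowed to run. The following added example (not tac_plus code, and not from the article) models that decision for a shell command. It assumes, and labels as assumptions, the semantics it implements: the first word of the command line selects the `cmd = ...` block, the clauses inside a block are tried in order as unanchored regular expressions over the remaining argument string with the first match deciding, and a command with no matching block falls back to `default command`. The sample Comware command lines are constructed.

```python
"""Offline check of per-command shell authorization policy (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class CmdBlock:
    # Ordered (action, regex) clauses, e.g. [("deny", "diagnostic-information"), ("permit", ".*")]
    clauses: List[Tuple[str, str]]


@dataclass
class ShellPolicy:
    name: str
    default_command: str                  # "permit" or "deny"
    priv_lvl: int
    cmds: Dict[str, CmdBlock] = field(default_factory=dict)


def authorize(policy: ShellPolicy, cmdline: str) -> Tuple[str, str]:
    """Return (decision, reason) for one command line under the policy."""
    parts = cmdline.strip().split(None, 1)
    if not parts:
        return "deny", "empty command line"
    word = parts[0]
    args = parts[1] if len(parts) > 1 else ""
    block = policy.cmds.get(word)
    if block is None:
        return (policy.default_command,
                f"no cmd block for '{word}'; default command = {policy.default_command}")
    for action, pattern in block.clauses:
        # Assumption: unanchored regex search over the arguments, first match wins.
        if re.search(pattern, args):
            return action, f"cmd = {word}: clause '{action} {pattern}' matched"
    return (policy.default_command,
            f"cmd = {word}: no clause matched; default command = {policy.default_command}")


# Transcription of the two groups from tac_plus.cfg above.
ADMIN = ShellPolicy("admin", default_command="permit", priv_lvl=15)
GUEST = ShellPolicy("guest", default_command="deny", priv_lvl=1, cmds={
    "display": CmdBlock([("deny", "diagnostic-information"), ("permit", ".*")]),
    "ping": CmdBlock([("permit", ".*")]),
})

# Constructed Comware command lines to exercise the policy.
SAMPLE_COMMANDS = [
    "display current-configuration",
    "display diagnostic-information",
    "ping 192.0.2.1",
    "system-view",
    "display",
]


def review(policy: ShellPolicy, cmdlines: List[str]) -> Dict[str, str]:
    """Evaluate a list of command lines; returns {cmdline: decision}."""
    return {c: authorize(policy, c)[0] for c in cmdlines}


if __name__ == "__main__":
    for pol in (GUEST, ADMIN):
        for cmd in SAMPLE_COMMANDS:
            decision, reason = authorize(pol, cmd)
            print(f"{pol.name:6} {decision:6} {cmd!r:38} {reason}")
```

Running it shows that guest is denied `display diagnostic-information` and every command outside the two blocks (for example `system-view`), while anything else under `display` is permitted; compare that table with what the group is meant to see, and re-run after each change to the `cmd` blocks. The model only reflects the assumptions stated above, so confirm the final policy against the daemon's own authorization log before relying on it.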



systemctl enable tac_plus

systemctl restart tac_plus

systemctl status tac_plus


Log files written by tac_plus:

/var/log/tac_plus/access/%Y%m%d.log (access log)
/var/log/tac_plus/authen/%Y%m%d.log (authentication log)
/var/log/tac_plus/author/%Y%m%d.log (authorization log)
/var/log/tac_plus/acct/%Y%m%d.log (accounting log)
