Simple Install Tacacs+ Server On Ubuntu Jaunty

Posted On 31 August 2009

Filed under Linux

Comments Dropped one response

On this sunny morning, Let’s try to install a simple server tacacs. I use my work PC, the Ubuntu Desktop Jaunty. I had wanted to integrate tacacs with ldap, but have not succeeded for me, gan. This is my source for this instalation. So, this is the first …

Download the latest Tac_Plus Packet
#cd /home/rahman/linux

Extract Tacacs packet
#tar -zxvf tac_plus_v9a.tar.gz
#cd /home/rahman/linux/tac_plus_v9a

Install compiler that needed to install Tacacs+ packet
#apt-get install g++

Configure and compile Tacacs
#./configure –with-ldap
#make tac_plus

We’ll get error (static declaration of nopasswd_str follows non-static declaration). We have to edit file config.c and remove static modifier from nopassword_str.


static char *authen_default = NULL; /* top level authentication default */
static int authen_default_method = 0; /*For method check */
static char *nopasswd_str = “nopasswd” ;


static char *authen_default = NULL; /* top level authentication default */
static int authen_default_method = 0; /*For method check */
char *nopasswd_str = “nopasswd” ;

#make tac_plus
#make install

Next, we’ll make directory and file for tacacs configuration.

#mkdir /etc/tac-plus
#vim /etc/tac-plus/tacacs.conf

# comment while debug
#Set up accounting if enableing on NAS
accounting file = /var/log/tac-plus/account.txt

#NAS key below
key = chayank123

user = p3mu74 {
login = cleartext 123
member = NOC

group = NOC {
member = ALL_STAFF

group = ALL_STAFF {

#Enable password setup for everyone:
user = $enable$ {
global = cleartext “login”

And then, Create init script for running tacacs service.
#vim /etc/init.d/tac-plus

# Provides: tac-plus
# Required-Start: $network
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: S 0 1 6
# Short-Description: Start tac-plus server.
# Description: Run the tac-plus server listening for
# AAA ( access, acounting and autorization request )
# from routers or RAS (remote access servers) via
# tacacs+ protocol

DESC=”Tacacs+ server”
OTHER_OPTS=”-d 248″

test -f $DAEMON || exit 0

if [ -r /etc/default/tac-plus ] ; then
. /etc/default/tac-plus

#set -e

case “$1” in
echo -n “Starting $DESC: “
start-stop-daemon –start –quiet –pidfile /var/run/$ \
echo “$NAME.”
echo -n “Stopping $DESC: “
start-stop-daemon –stop –quiet –pidfile /var/run/$ \
–exec $DAEMON
echo “$NAME.”
# The daemon AFAIK have problems reloading its
# config files on the fly. When sending the signal
# it dies trying to bind again to the socket.
# So it has been disabled.
# echo “Reloading $DESC configuration files.”
# start-stop-daemon –stop –signal FIXME –quiet –pidfile \
# /var/run/$ –exec $DAEMON
echo -n “Restarting $DESC: “
start-stop-daemon –stop –quiet –pidfile \
/var/run/$ –exec $DAEMON
sleep 1
start-stop-daemon –start –quiet –pidfile \
/var/run/$ –exec $DAEMON — $DAEMON_OPTS
echo “$NAME.”
# echo “Usage: $N {start|stop|restart|reload|force-reload}” >&2
echo “Usage: $N {start|stop|restart|force-reload}” >&2
exit 1

exit 0

#chmod u+x /etc/init.d/tac-plus

Make Tacacs+ service start when OS booting
#update-rc.d tac-plus start 30 2 3 4 5 . stop 70 0 1 6 .

Set for tacacs+ logging
#mkdir /var/log/tac-plus
#touch /var/log/tac-plus/account.txt

Starting tacacs+
#/etc/init.d/tac-plus start

Check tacacs service
#netstat -pln | grep tac
tcp 0 0* LISTEN 9497/tac_plus

Alright! we’ll test this tacacs authentication server with the real router. My tacacs+ IP is and router IP is

Let’s figure it out…

Key for NAS : chayank123
Username : p3mu74
Password : 123
enable pass : login

Router Conf
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
interface FastEthernet0/0
ip address
duplex auto
speed auto
tacacs-server host
tacacs-server directed-request
tacacs-server key 7 070C294D5708170E464058 > chayank123

I’ll try login into router

ts@ts04-surahman:~$ telnet
Connected to
Escape character is ‘^]’.

User Access Verification

Username: p3mu74 > my username
Password: > 123

Password: > login

We have success login into router with Tacacs authentication. Next time, I’ll learn to make it up with database system.

Thank You For all


One Response to “Simple Install Tacacs+ Server On Ubuntu Jaunty”

  1. muklis

    Great tut bro, keep share,,,,,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s