Author  Topic: Question about TACACS & CISCO ROUTER configuration, please advise, thanks, thanks !!!!  (Read 10815 times)


weiyi

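Question about TACACS+ & CISCO ROUTER configuration

I installed tacacs on FreeBSD and it is up and running.

On the router I also configured aaa new-model ... and so on.

I can already log in to the router with /etc/passwd accounts without any problem.

But when I then try to enter enable, authentication fails and I cannot get in.

Could anyone please advise? Thanks, thanks !!!!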

190BSD# tail /var/log/tac_plus.log
Mon Aug 6 13:02:20 2007 [358]: tac_plus server F4.0.3.alpha.v9 (Extended Tac_plus) starting
Mon Aug 6 13:02:20 2007 [359]: Backgrounded
Mon Aug 6 13:02:20 2007 [359]: uid=0 euid=0 gid=0 egid=0 s=0
Mon Aug 6 13:08:34 2007 [458]: login query for 'weii' tty7 from 192.168.16.104 accepted
Mon Aug 6 13:08:42 2007 [459]: enable query for 'unknown' tty7 from 192.168.16.104 rejected
Mon Aug 6 13:08:48 2007 [460]: enable query for 'unknown' tty7 from 192.168.16.104 rejected
Mon Aug 6 13:08:58 2007 [461]: enable query for 'unknown' tty7 from 192.168.16.104 rejected
Mon Aug 6 13:09:05 2007 [462]: enable query for 'unknown' tty7 from 192.168.16.104 rejected
Mon Aug 6 13:09:09 2007 [463]: enable query for 'unknown' tty7 from 192.168.16.104 rejected
Mon Aug 6 13:10:22 2007 [476]: enable query for 'unknown' tty7 from 192.168.16.104 rejected


///////////////

Freebsd

190BSD# cat /etc/tac_plus.cfg
# Created by Devrim SERAL(devrim@tef.gazi.edu.tr)
# It's very simple configuration file
# Please read user_guide and tacacs+ FAQ to more information to do more
# complex tacacs+ configuration files.
#

key = OOXX

# Use /etc/passwd file to do authentication

default authentication = file /etc/passwd

# Now tacacs+ also use default PAM authentication
#default authentication = pam pap

#If you like to use DB authentication
#default authentication = db "db_type://db_user:db_pass@db_hostname/db_name/db_table?name_field&pass_field
# db_type: mysql or null
# db_user: Database connect username
# db_pass: Database connection password
# db_hostname : Database hostname
# db_name : Database name
# db_table : authentication table name
# name_field and pass_field: Username and password field name at the db_table

# Accounting records log file

accounting file = /var/log/tac_acc.log

# Would you like to store accounting records in database..
# db_accounting = "db_type://db_user:db_pass@db_hostname/db_name/db_table"
# Same as above..

#All services are allowed..

user = DEFAULT {
service = ppp protocol = ip {}
}

# Yes we have more features like per host key
#host = 127.0.0.1 {
# key = test
# type = cisco
#}
#user = test {
# name = Test User
# pap = cleartext test
# member = staff
#}
#
#group = staff {
# time = "Wd1800-1817|!Wd1819-2000"
#}

190BSD#

/////////////////////

router

Router(config)#aaa new-model
Router(config)#aaa authentication login default group tacacs+
Router(config)#aaa authentication enable default group tacacs+
Router(config)#tacacs-server host 192.168.16.190
Router(config)#tacacs-server key OOXX
Router(config)#^Z
Router#
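
Added example, not part of the original post: a small Python parser for the tac_plus.log query lines shown above, which tallies login and enable results per source and flags sources with repeated enable rejections. The sample lines are copied from the post's log excerpt; the function names and the threshold of 3 are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the tac_plus.log excerpt in the post above.
SAMPLE_LOG = """\
Mon Aug 6 13:02:20 2007 [358]: tac_plus server F4.0.3.alpha.v9 (Extended Tac_plus) starting
Mon Aug 6 13:08:34 2007 [458]: login query for 'weii' tty7 from 192.168.16.104 accepted
Mon Aug 6 13:08:42 2007 [459]: enable query for 'unknown' tty7 from 192.168.16.104 rejected
Mon Aug 6 13:08:48 2007 [460]: enable query for 'unknown' tty7 from 192.168.16.104 rejected
Mon Aug 6 13:08:58 2007 [461]: enable query for 'unknown' tty7 from 192.168.16.104 rejected
"""

# Matches only "<kind> query for '<user>' <port> from <source> <result>" lines.
QUERY_RE = re.compile(
    r"\[(?P<pid>\d+)\]: (?P<kind>login|enable) query for '(?P<user>[^']*)' "
    r"(?P<port>\S+) from (?P<src>\S+) (?P<result>accepted|rejected)\s*$"
)

def parse_queries(text):
    """Return one dict per authentication query line; other lines are skipped."""
    return [m.groupdict() for m in map(QUERY_RE.search, text.splitlines()) if m]

def summarize(queries):
    """Count occurrences of each (source, kind, user, result) combination."""
    return Counter((q["src"], q["kind"], q["user"], q["result"]) for q in queries)

def enable_reject_streaks(queries, threshold=3):
    """Sources whose enable queries were rejected `threshold`+ times in a row."""
    streak, flagged = Counter(), set()
    for q in queries:
        if q["kind"] != "enable":
            continue
        if q["result"] == "rejected":
            streak[q["src"]] += 1
            if streak[q["src"]] >= threshold:
                flagged.add(q["src"])
        else:
            streak[q["src"]] = 0  # a successful enable resets the run
    return sorted(flagged)

if __name__ == "__main__":
    qs = parse_queries(SAMPLE_LOG)
    for key, n in summarize(qs).items():
        print(n, *key)
    print("repeated enable rejections from:", enable_reject_streaks(qs))
```

On the sample it shows the pattern from the post: the login query carries the username 'weii' and is accepted, while every enable query is logged with the username 'unknown' and rejected.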

dogy

Have you solved this problem?