AAA Authentication for Network Devices

User submission 344 2022-09-12



Add users to user groups

TACACS installation and configuration

    yum install gcc perl-LDAP wget
    # The download URL of the source archive is missing from this page.
    wget <URL-of-DEVEL.201706241310.tar.bz2>
    tar xvfj DEVEL.201706241310.tar.bz2
    cd PROJECTS
    ./configure
    make && make install
    mkdir /var/log/tac_plus
    mkdir /var/log/tac_plus/access
    mkdir /var/log/tac_plus/acct
    mkdir /var/log/tac_plus/authen
    mkdir /var/log/tac_plus/author
    chmod 760 -R /var/log/tac_plus/
    cp ~/PROJECTS/tac_plus/extra/tac_plus.service /etc/systemd/system/
    systemctl daemon-reload
    cp ~/PROJECTS/tac_plus/extra/tac_plus.cfg-ads /usr/local/etc/tac_plus.cfg
    chmod 660 /usr/local/etc/tac_plus.cfg

TACACS configuration file

    #!/usr/local/sbin/tac_plus
    id = spawnd {
        listen = { port = 49 }
        spawn = {
            instances min = 1
            instances max = 10
        }
        background = yes
    }

    id = tac_plus {
        access log = /var/log/tac_plus/access/%Y%m%d.log
        authentication log = /var/log/tac_plus/authen/%Y%m%d.log
        authorization log = /var/log/tac_plus/author/%Y%m%d.log
        accounting log = /var/log/tac_plus/acct/%Y%m%d.log

        # User lookup and password checks are delegated to LDAP.
        mavis module = external {
            setenv LDAP_SERVER_TYPE = "microsoft"
            setenv LDAP_HOSTS = "ldap://ipa.test.org:389"
            setenv LDAP_SCOPE = "sub"
            setenv LDAP_BASE = "cn=users,cn=accounts,dc=test,dc=org"
            setenv LDAP_FILTER = "(uid=%s)"
            setenv REQUIRE_TACACS_GROUP_PREFIX = 1
            setenv FLAG_USE_MEMBEROF = 1
            exec = /usr/local/lib/mavis/mavis_tacplus_ldap.pl
        }
        login backend = mavis
        user backend = mavis
        pap backend = mavis
        skip missing groups = yes
        cache timeout = 21600

        host = world {
            # ::/0 matches every client address.
            address = ::/0
            prompt = "Welcome\n"
            # Level-15 enable password, stored in clear text.
            enable 15 = clear secret
            # Must match the key configured on the switch.
            key = XXXX
        }

        # Full access: every command permitted at privilege level 15.
        group = admin {
            default service = permit
            service = shell {
                default command = permit
                default attribute = permit
                set priv-lvl = 15
            }
        }

        # Restricted access: only display (except diagnostic-information) and ping.
        group = guest {
            default service = deny
            enable = deny
            service = shell {
                default command = deny
                default attribute = permit
                set priv-lvl = 1
                cmd = display {
                    deny diagnostic-information
                    permit .*
                }
                cmd = ping {
                    permit .*
                }
            }
        }
    }

TACACS service management:

    systemctl enable tac_plus
    systemctl restart tac_plus
    systemctl status tac_plus

TACACS log management:

    access log = /var/log/tac_plus/access/%Y%m%d.log
    authentication log = /var/log/tac_plus/authen/%Y%m%d.log
    authorization log = /var/log/tac_plus/author/%Y%m%d.log
    accounting log = /var/log/tac_plus/acct/%Y%m%d.log
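The settings in the configuration above that most affect exposure (the `::/0` host address, the clear-text enable password, the `ldap://` URL, the shared key and the file mode) can be checked mechanically before the service is restarted. The shell function below is an added example, not part of the original post or of tac_plus; the 16-character key minimum, the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky tac_plus.cfg settings.
# Prints one WARN line per finding; returns 0 only when there are none.
audit_tac_plus_cfg() {
    cfg=$1; findings=0
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg" >&2; return 2; }
    body=$(sed 's/#.*$//' "$cfg")   # drop comments so disabled lines are ignored
    warn() { findings=$((findings + 1)); echo "WARN: $1"; }
    has()  { printf '%s\n' "$body" | grep -Eq "$1"; }

    has 'address[[:space:]]*=[[:space:]]*(::/0|0\.0\.0\.0/0)' &&
        warn "host accepts any client address; list the device management subnets"
    has 'enable[[:space:]]+[0-9]+[[:space:]]*=[[:space:]]*clear' &&
        warn "enable password is stored in clear text"
    has 'LDAP_HOSTS[[:space:]]*=[[:space:]]*"ldap://' &&
        warn "LDAP_HOSTS uses ldap://; binds are unencrypted unless StartTLS is set up"
    # Shared keys: the 16-character minimum is this example's assumption.
    for k in $(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*key[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\).*/\1/p'); do
        [ "${#k}" -lt 16 ] && warn "a shared key is shorter than 16 characters"
    done
    # The file holds the shared key, so it must not be world-readable.
    [ -n "$(find "$cfg" -perm -004)" ] && warn "config file is world-readable"
    [ "$findings" -eq 0 ]
}

# Constructed sample that mirrors the host block and LDAP URL on this page.
write_sample_cfg() {
    cat > "$1" <<'EOF'
id = tac_plus {
    mavis module = external {
        setenv LDAP_HOSTS = "ldap://ipa.test.org:389"
    }
    host = world {
        address = ::/0
        enable 15 = clear secret
        key = XXXX
    }
}
EOF
    chmod 660 "$1"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample_cfg "$tmp"
    audit_tac_plus_cfg "$tmp" || echo "findings: $findings"
    rm -f "$tmp"
fi
```

Run the script with `--demo` to see the four findings for the sample, or source it and call `audit_tac_plus_cfg /usr/local/etc/tac_plus.cfg` against the real file.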

