The TACACS virtual server's function

[Alan DeKok]

On Dec 5, 2024, at 3:45 AM, 黄立成 via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Hi guys, I am writing to ask some questions about the TACACS SERVER in version 4.x.x.  I would like to know how can I do things I did in radius server.Things looks different in tacacs.
> 1)enable authentication
> 2) authorization privilege level for each user.
> 3) authorization network attributes.
> 4) authorzation specific commands.

  As always, run the server in debug mode, and see what the client sends.  Then, write policies to deal with the data.

  For now, it's likely best to run *just* TACACS+.  i.e. don't run RADIUS and TACACS+ virtual servers at the same time.  We're working on fixing that.

> The common things  in 1) 2) 3) I want to do is making different rules for different users.In radius,AUTHOR COMES AFTER AUTHEN,so I just need to set these attributes in USERS file.
> I am wondering if there is simple configuration I can do or interfaces I can use just like what I did in radius.
> I am confused because I cannot find an example to follow.I WISH YOU COULD PROVIDE ME A SAMPLE CONFIGURATION FOR TACACS,that will be the best!!

  The TACACS+ code works, but we haven't had time for detailed "how tos" or for more sample configuration.  But if you get things working, we're always happy to accept patches.

  i.e. you have access to the source, the configuration files, the existing docs, etc.  It's an Open Source project, and it's only as good as the contributions that people make.

  Plus, v4 isn't officially released, so if it works, great.  If not, please supply patches.

  Alan DeKok.