1. Building a TACACS+ server
TACACS+ (Terminal Access Controller Access-Control System Plus)
is a security protocol that extends the original TACACS protocol with additional functionality. Its capabilities are similar to those of RADIUS: it uses a client/server model in which the NAS, acting as the client, talks to the TACACS+ server.
(1) Uses of TACACS+
The TACACS+ protocol is mainly used for AAA of PPP and VPDN (Virtual Private Dial-up Network) access users and of end users who log on to network devices.
AAA stands for Authentication, Authorization and Accounting. It is a network security management mechanism that provides these three security functions.
Authentication: verifies the identity of the remote user accessing the network and determines whether the visitor is a legitimate network user.
Authorization: assigns different permissions to different users and restricts the services a user may use. For example, once a user has logged on to a server, the administrator can authorize that user to access and print files on it.
Accounting: records everything the user does with a network service, including the type of service used, the start time and the data volume. It is not only a basis for billing but also a monitoring aid for network security.
AAA typically uses a client/server structure: the client runs on the NAS (Network Access Server) and the server manages user information centrally.
The NAS is the server from the user's point of view and the client from the AAA server's point of view. The basic AAA networking structure is shown in the figure.
(2) Communication process:
When a user wants to connect to the NAS over a network in order to reach other networks or to use certain network resources, the NAS is responsible for authenticating the user.
The NAS passes the user's authentication, authorization and accounting information to the server (a RADIUS server or an HWTACACS server, HWTACACS being Huawei's variant of TACACS+), and the RADIUS or HWTACACS protocol specifies how user information is exchanged between the NAS and the server.
A typical application of TACACS+ is authentication, authorization and accounting for end users who need to log on to a device in order to operate it. The device acts as the TACACS+ client and sends the user name and password to the TACACS+ server for verification; the user may operate the device only after authentication and authorization succeed.
(3) Comparison of TACACS+ and RADIUS:
TACACS+ runs over TCP (port 49), obfuscates the entire packet body with the shared key, and separates authentication, authorization and accounting into distinct exchanges, which allows per-command authorization. RADIUS runs over UDP (ports 1812/1813, or 1645/1646 on older systems), hides only the password attribute, and combines authentication and authorization in a single exchange.
2. Build process:
sudo apt-get install tacacs+
(1) Edit the configuration file
sudo vi /etc/tacacs+/tac_plus.conf
testing123 is the shared key that the TACACS+ server and the TACACS+ client (our Ursalink router) use to obfuscate the traffic between them.
chunyu is the user name for logging on to the Ursalink router, and 123456 is its password.
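As an added example (not the author's file, which appeared in the original post as an image), here is a minimal /etc/tacacs+/tac_plus.conf that matches the values just described. The comments and the hardening hints are mine; `tac_pwd` is the password-hash generator shipped with the tacacs+ package.

```conf
# /etc/tacacs+/tac_plus.conf (example reconstructed from the values described above)

# Shared key used to obfuscate every packet body exchanged with the TACACS+
# client (the Ursalink router). It must be identical on the router; otherwise
# the server decodes garbage and logs an authentication failure.
key = testing123

# Login account for the router. 'cleartext' is acceptable for this lab only;
# for anything real, generate a hash with tac_pwd and use 'login = des <hash>'.
user = chunyu {
    login = cleartext 123456
}
```

Because the key and the password are stored in the clear, restrict the file to root (`sudo chmod 600 /etc/tacacs+/tac_plus.conf`) and pick a long random key: the MD5-based obfuscation is the only protection the protocol offers on the wire, so a guessable key exposes every password that crosses it.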
(2) Restart
sudo /etc/init.d/tacacs_plus restart
Restart failed:
Fix:
(3) Configure the Ursalink router
(4) View the log on the TACACS+ server
sudo vi /var/log/syslog
Authentication failed? The problem is the key: it must be identical on the router and the server. Modify the router configuration:
(5) Check the log again:
sudo vi /var/log/syslog
Authentication succeeded!
Building various AAA authentication servers under Ubuntu 14 (2)
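To make the communication process described in section 1 (2) and the key-mismatch failure seen in step (4) concrete, here is an added example (my code, not the author's and not part of tac_plus or the Ursalink firmware): a minimal TACACS+ (RFC 8907) PAP authentication exchange with a client in the role of the router and a server in the role of tac_plus, using the key and account from this post. The packet body is XORed with an MD5 keystream derived from the shared key, so a wrong key yields a garbled body of the right length rather than a connection error, which is why the server logs a failed authentication. The port, remote address, session id and the in-memory user table are constructed values.

```python
"""Added example: TACACS+ (RFC 8907) PAP authentication START/REPLY exchange.
Not from the original post; the user table mirrors the tac_plus.conf it describes."""
import hashlib
import struct
from typing import Optional, Tuple

# Constants from RFC 8907
TAC_PLUS_VERSION_PAP = 0xC1          # major 0xC, minor 1 (minor version 1 is required for PAP)
TAC_PLUS_AUTHEN = 0x01               # packet type: authentication
TAC_PLUS_AUTHEN_LOGIN = 0x01         # START action
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
TAC_PLUS_AUTHEN_STATUS_PASS = 0x01
TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02
HEADER = struct.Struct("!BBBBII")    # version, type, seq_no, flags, session_id, length

# Assumed user database mirroring the tac_plus.conf described in the post.
USERS = {"chunyu": "123456"}


def pseudo_pad(session_id: int, key: str, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5 keystream: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}), concatenated and truncated."""
    prefix = struct.pack("!I", session_id) + key.encode() + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: str, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad; XOR is symmetric, so this also de-obfuscates.
    There is no integrity protection: a modified ciphertext is not detected."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(seq_no: int, session_id: int, body: bytes, key: str) -> bytes:
    """Header in the clear (flags = 0, i.e. body obfuscated) followed by the obfuscated body."""
    header = HEADER.pack(TAC_PLUS_VERSION_PAP, TAC_PLUS_AUTHEN, seq_no, 0x00, session_id, len(body))
    return header + obfuscate(body, session_id, key, TAC_PLUS_VERSION_PAP, seq_no)


def open_packet(packet: bytes, key: str) -> Tuple[int, int, bytes]:
    """Parse the header and de-obfuscate the body with the given key."""
    version, _ptype, seq_no, _flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    body = obfuscate(packet[HEADER.size:HEADER.size + length], session_id, key, version, seq_no)
    return seq_no, session_id, body


def client_authen_start(user: str, password: str, key: str, session_id: int) -> bytes:
    """Authentication START (RFC 8907 section 5.1); with PAP the password is the data field."""
    port, rem_addr, data = b"tty0", b"192.0.2.10", password.encode()   # constructed values
    fixed = struct.pack("!BBBBBBBB", TAC_PLUS_AUTHEN_LOGIN, 1, TAC_PLUS_AUTHEN_TYPE_PAP,
                        TAC_PLUS_AUTHEN_SVC_LOGIN, len(user), len(port), len(rem_addr), len(data))
    return build_packet(1, session_id, fixed + user.encode() + port + rem_addr + data, key)


def server_handle_start(packet: bytes, server_key: str) -> Tuple[bytes, Optional[str]]:
    """Server side: de-obfuscate with the configured key, parse the START, check the
    credentials and return (REPLY packet, user name as the server saw it, or None)."""
    seq_no, session_id, body = open_packet(packet, server_key)
    status, user = TAC_PLUS_AUTHEN_STATUS_FAIL, None
    try:
        _action, _priv, atype, _svc, ulen, plen, rlen, dlen = struct.unpack("!BBBBBBBB", body[:8])
        if atype != TAC_PLUS_AUTHEN_TYPE_PAP or len(body) != 8 + ulen + plen + rlen + dlen:
            raise ValueError("malformed START (wrong shared key?)")
        user = body[8:8 + ulen].decode("ascii")
        password = body[8 + ulen + plen + rlen:].decode("ascii")
        if USERS.get(user) == password:
            status = TAC_PLUS_AUTHEN_STATUS_PASS
    except (ValueError, UnicodeDecodeError, struct.error):
        pass   # garbled or malformed body: treat as a failed authentication
    reply_body = struct.pack("!BBHH", status, 0, 0, 0)   # REPLY: status, flags, server_msg_len, data_len
    return build_packet(seq_no + 1, session_id, reply_body, server_key), user


def run_exchange(client_key: str, server_key: str, user: str = "chunyu",
                 password: str = "123456") -> Tuple[Optional[str], int, int]:
    """Full round trip. Returns (user as seen by the server, status the server decided,
    status the client decodes from the REPLY with its own key)."""
    session_id = 0x11223344   # fixed for reproducibility; real clients pick a random value
    start = client_authen_start(user, password, client_key, session_id)
    reply, seen = server_handle_start(start, server_key)
    server_status = open_packet(reply, server_key)[2][0]
    client_status = open_packet(reply, client_key)[2][0]
    return seen, server_status, client_status


if __name__ == "__main__":
    print("matching keys:      ", run_exchange("testing123", "testing123"))
    print("wrong password:     ", run_exchange("testing123", "testing123", password="guess"))
    print("router key mismatch:", run_exchange("wrongkey", "testing123"))
```

With matching keys the server sees user chunyu and returns PASS; with a wrong password it still sees the user but returns FAIL; with a mismatched key it cannot even recover the user name, returns FAIL, and the router, decoding the reply with its own key, reads a meaningless status byte. That is exactly the "failed authentication" line in syslog from step (4), and it is also a reminder that the obfuscation gives confidentiality against casual sniffing only: a long random key and a management network the router and server share are what keep the passwords safe.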