06-10-2020 02:03 AM
Hi,
I am posting this to know about the prerequisites before enabling AAA on routers/switches/firewalls.
I am aware of the router/switch configuration but would like to get a clear picture of the TACACS+ daemon and the process of how to build a complete TACACS+ server.
I want to know the complete process of building a TACACS+ server.
In case we have a Linux/Windows machine, which is best for consideration?
Any help would be appreciated.
Regards
Prabhat Kr. Batham
06-10-2020 02:18 PM
Cisco has 2 products: ACS (soon going end of life), and the other one, active and more powerful, ISE.
If you are not looking for that, then FreeRADIUS is the open-source option that can be used as an AAA server, or MS NPAS servers can be used.
Here is the guide on how to configure and test: (make sure you create a local user and configure the device to use a local account if the RADIUS server is not usable) - test before you write the config - I have seen people get locked out and go through the password reset procedure.
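The fallback advice in the reply above can be checked before a config is written to a device. The following is an added example, not part of the original thread: a Python check over Cisco IOS-style config text that flags a missing local user and any login method list with no local fallback. The sample configs and the function names are constructed for illustration.

```python
import re

# Constructed sample configs for illustration (not taken from the thread).
SAFE = """\
aaa new-model
username rescue privilege 15 secret 0 Constructed-Example-Only
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local
"""
RISKY = """\
aaa new-model
aaa authentication login default group radius
"""

LOCAL_METHODS = {"local", "local-case"}

def parse_methods(text):
    """Split a method list into methods, keeping 'group NAME' as one item."""
    tokens, methods = text.split(), []
    i = 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            # The word after 'group' is a server group name, never a method.
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def lockout_risks(config):
    """Return reasons admins could be locked out if the AAA server is unreachable."""
    lines = [ln.strip() for ln in config.splitlines()]
    if "aaa new-model" not in lines:
        return []  # AAA is not enabled, so there are no method lists to check
    risks = []
    if not any(re.match(r"username \S+ .*\b(secret|password)\b", ln) for ln in lines):
        risks.append("no local username defined")
    for ln in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", ln)
        if m and not LOCAL_METHODS & set(parse_methods(m.group(2))):
            risks.append(f"login list '{m.group(1)}' has no local fallback: {m.group(2)}")
    return risks

if __name__ == "__main__":
    for name, cfg in (("SAFE", SAFE), ("RISKY", RISKY)):
        print(name, lockout_risks(cfg) or "ok")
```

Run it against the candidate config text before applying it, and keep an existing session open while testing a new login.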
07-02-2020 02:13 AM
Hi Balaji,
Thank you for your response.
Firstly, I found some sources for TACACS+ for Windows but am not sure about them working:
https://shrubbery.net/tac_plus/
My requirement is to install TACACS+ on Windows/Linux integrated with one of our Active Directories.
I'm sure about my switch/router configs, but as the company doesn't want to invest, I'm looking for a free solution for centralized authentication.
I just want the correct path to download the TACACS+ software for Windows/Linux, as there are multiple links but I am not sure which one is correct. So please redirect me to the link.
07-02-2020 05:21 AM
FreeRADIUS does that for you:
https://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO