cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1351
Views
5
Helpful
6
Replies

TACACS+ Question

MW20082008
Level 1
Level 1

Does any of you know if any one of the free TACACS+ servers support Cisco command auditing, as well as the user store in an LDAP database?

Also can someone send me a list of the free TACACS+ servers available? I remember Cisco having a free one but if I remember correctly it is not fully functional.

Thanks,

1 Accepted Solution

Accepted Solutions

Hi, michael

There is a free version of tacacs+ for linux on cisco ftp site:

ftp://ftp-eng.cisco.com/pub/tacacs/

username:anonymous

password:your email address

It surely support command audit (or it won't be called AAA), but not sure about the integration with LDAP. You will be required a liitle bit linux's skill to install this program anyway.

Another Cisco product is called Secure ACS. Even the try version cost a bit (I forgot how much). Besides, the order procedure is not very easy(at least to me)

See if this is what you want, if it's not, goto the following page:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.ee6e1fe

and repeat your question there.

HTH

SSLIN

View solution in original post

6 Replies 6

cisco24x7
Level 6
Level 6

you mean like this:

Sat Mar 22 15:15:39 2008 192.168.10.3 cciesec tty66 10.250.97.5 start task_id=390 timezone=UTC service=shell start_time=1206209779

Sat Mar 22 15:15:41 2008 192.168.10.3 cciesec tty66 10.250.97.5 stop task_id=390 timezone=UTC service=shell start_time=1206209780 priv-lvl=0 cmd=enable

Sat Mar 22 15:15:43 2008 192.168.10.3 cciesec tty66 10.250.97.5 stop task_id=391 timezone=UTC service=shell start_time=1206209783 priv-lvl=15 cmd=configure terminal

Sat Mar 22 15:15:45 2008 192.168.10.3 cciesec tty66 10.250.97.5 stop task_id=392 timezone=UTC service=shell start_time=1206209784 priv-lvl=15 cmd=interface Loopback 0

Sat Mar 22 15:15:45 2008 192.168.10.3 cciesec tty66 10.250.97.5 stop task_id=393 timezone=UTC service=shell start_time=1206209785 priv-lvl=15 cmd=shutdown

Sat Mar 22 15:15:46 2008 192.168.10.3 cciesec tty66 10.250.97.5 stop task_id=394 timezone=UTC service=shell start_time=1206209786 priv-lvl=15 cmd=no shutdown

Sat Mar 22 15:15:48 2008 192.168.10.3 cciesec tty66 10.250.97.5 stop task_id=395 timezone=UTC service=shell start_time=1206209788 priv-lvl=0 cmd=exit

Sat Mar 22 15:15:49 2008 192.168.10.3 cciesec tty66 10.250.97.5 stop task_id=390 timezone=UTC service=shell start_time=1206209779 disc-cause=1 disc-cause-ext=9 pre-session-time=3 elapsed_time=9

This is a very powerful link:

http://www.shrubbery.net/tools.html

What???

You lost me, dude.

Hi, michael

There is a free version of tacacs+ for linux on cisco ftp site:

ftp://ftp-eng.cisco.com/pub/tacacs/

username:anonymous

password:your email address

It surely support command audit (or it won't be called AAA), but not sure about the integration with LDAP. You will be required a liitle bit linux's skill to install this program anyway.

Another Cisco product is called Secure ACS. Even the try version cost a bit (I forgot how much). Besides, the order procedure is not very easy(at least to me)

See if this is what you want, if it's not, goto the following page:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.ee6e1fe

and repeat your question there.

HTH

SSLIN

SSLIN:

Thank you very much for your time.

MW

"Does any of you know if any one of the free TACACS+ servers

support Cisco command auditing, as well as the user store

in an LDAP database?"

you can find it here:

http://www.shrubbery.net/tools.html

"There is a free version of tacacs+ for linux on cisco ftp site:

ftp://ftp-eng.cisco.com/pub/tacacs/

username:anonymous

password:your email address"

This version is very old. The newer version is at:

http://www.shrubbery.net/tools.html

There are many new features in this version. It is an

"enhanced" version of Cisco Freeware tacacs

"but not sure about the integration with LDAP"

Yes, it will support LDAP and One-Time-Password (OTP);

however, you have to understand C programming to make

it work. I got it to work with LDAP, OTP and SecurID

by hacking the source code. It is not that difficult

once you read and understand the source code. In

term of installing it on Linux, it is as easy as 1-2-3.

"./configure, make and make install and that's it.

CCIE Security

Thanks, Mr CCIE security. :-)

Review Cisco Networking for a $25 gift card