- Download the software from the Netplex Technologies Inc. site.
- Copy the downloaded xxx.tar.gz file into a temporary directory (/var/tmp).
- Assuming you have gunzip on your system, use the following to open the archive:
gunzip -c xtacacsd-4.1.tar.gz | tar xvf -
This will create a directory called xtacacsd-4.1 under /var/tmp/.
- Select a location for installation of the xtacacsd software. For
example, the binaries, etc. can go under /usr/local/xtacacs
and the WTMP and UTMP files can go into /var/spool/xtacacs.
- Edit the MYCFLAGS and MYLIBS portions of the Makefile. If you are
using DCE or the PH/QI database software, make sure you have the
appropriate libraries and include files. Edit the location of your
WTMP and UTMP files. Uncomment the CHAP and ARAP lines if needed.
Most of the options don't require changes. The important ones are:
- ASCII_WTMP: Create an ASCII version of the wtmp file (v4.1 and
above). The supplied taclast utility can read and parse
the ASCII wtmp files.
- ENABLE_USER: If the CommServers are configured to authenticate `Enable'
type requests, you can either define a specific username using
ENABLE_USER, or else let the user enter his/her own username
and password. If ENABLE_USER is defined, the username+password
that is required during an `enable' will be that of the
ENABLE_USER.
- LOG_FACILITY: The syslog(3) logging facility (LOG_LOCAL6 by default).
- Type 'make'.
- If there are no major compilation errors, install the files (assuming
the installation directories are as selected above):
mkdir /usr/local/xtacacs
mkdir /usr/local/xtacacs/bin /usr/local/xtacacs/etc
cp xtacacsd taclast tacupd xpasswd Getpw /usr/local/xtacacs/bin
cp xtacacsd-conf /usr/local/xtacacs/etc/
ln -s /usr/local/xtacacs/bin/xtacacsd /etc/
ln -s /usr/local/xtacacs/etc/xtacacsd-conf /etc/
- Edit /usr/local/xtacacs/etc/xtacacsd-conf as per your requirements.
- Edit /etc/services and add the following line if it is not
already present:
tacacs 49/udp
- Edit /etc/inetd.conf and add the following line (the
entire string should be on one long line):
tacacs dgram udp wait root /etc/xtacacsd xtacacsd -c /etc/xtacacsd-conf
Then restart inetd or else send it a HUP signal so that it re-reads
the new configuration file.
Do NOT run the server in standalone mode
except for testing or debugging. This server has been designed
so that you will NOT suffer a performance penalty for running
out of inetd. It does not exit after processing each
request, only after a period of inactivity.
- Edit /etc/syslog.conf and add the following line:
local6.debug /var/log/tacacs
Set the appropriate directory and file locations here. Then kill
and restart syslogd or else send it a HUP signal.
- Set up the alternate password files if desired and update the
xtacacsd-conf configuration file. Also try using tacping.pl to see
if your server works.
- If using alternate password files, use Getpw -c password
file to create the DBM database for your passwd file. This will
create two files with the extension .pag and .dir.
Recreate these files if you make any changes to the password file
(perhaps automatically every 8 hours from the crontab).
- Look for all errors in your /var/adm/messages file.
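
The entries added to /etc/services, /etc/inetd.conf and /etc/syslog.conf in the steps above can be checked with a short script. This is an added example, not part of the xtacacsd distribution: the function names and the ROOT prefix argument are hypothetical, and it assumes LOG_FACILITY was left at its LOG_LOCAL6 default.

```shell
#!/bin/sh
# Added example (not from the xtacacsd distribution).
# check_xtacacsd_setup ROOT
#   ROOT is a hypothetical path prefix: "" for the live system, or a
#   staging directory holding copies of the etc/ files.
#   Prints one line per problem; returns 0 only if none were found.

# has_entry FILE ERE: true if a non-comment line of FILE matches ERE.
has_entry() {
    [ -r "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"
}

check_xtacacsd_setup() {
    root=$1
    problems=0
    ws='[[:space:]]+'

    # /etc/services must map tacacs to 49/udp.
    if ! has_entry "$root/etc/services" "^tacacs${ws}49/udp([[:space:]]|\$)"; then
        echo "services: no 'tacacs 49/udp' entry"
        problems=$((problems + 1))
    fi

    # /etc/inetd.conf: the whole entry has to sit on ONE line. An entry
    # pasted as two lines leaves inetd without the program arguments.
    full="^tacacs${ws}dgram${ws}udp${ws}wait${ws}root${ws}/etc/xtacacsd"
    full="${full}${ws}xtacacsd${ws}-c${ws}/etc/xtacacsd-conf[[:space:]]*\$"
    if ! has_entry "$root/etc/inetd.conf" "$full"; then
        if has_entry "$root/etc/inetd.conf" "^tacacs${ws}dgram${ws}udp"; then
            echo "inetd.conf: tacacs entry incomplete or split across lines"
        else
            echo "inetd.conf: no tacacs entry"
        fi
        problems=$((problems + 1))
    fi

    # /etc/syslog.conf must route local6.debug to a file.
    if ! has_entry "$root/etc/syslog.conf" "^local6\.debug${ws}/"; then
        echo "syslog.conf: no local6.debug entry"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Run `check_xtacacsd_setup ""` on the server after editing the files and before sending inetd and syslogd the HUP signal.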