xtacacsd v4.1 Installation Guide

The following is the stepwise installation of xtacacsd v4.1:

  1. Download the software from the Netplex Technologies Inc. site.

  2. Copy the downloaded xxx.tar.gz file into a temporary directory (/var/tmp).

  3. Assuming you have gunzip on your system, use the following to open the archive:

    gunzip -c xtacacsd-4.1.tar.gz | tar xvf -

    This will create a directory called xtacacsd-4.1 under /var/tmp/

  4. Select a location for installation of the xtacacsd software. For example, the binaries, etc. can go under /usr/local/xtacacs and the WTMP and UTMP files can go into /var/spool/xtacacs.

  5. Edit the MYCFLAGS and MYLIBS portions of the Makefile. If you are using DCE or the PH/QI database software, make sure you have the appropriate libraries and include files. Edit the location of your WTMP and UTMP files. Uncomment the CHAP and ARAP lines if needed.

    Most of the options do not require changes; the important ones are:

    Create an ASCII version of the wtmp file (v4.1 and above). The supplied taclast utility can read and parse the ASCII wtmp files.
    If the CommServers are configured to authenticate `Enable' type requests, you can either define a specific username using ENABLE_USER, or else let the user enter his/her own username and password. If ENABLE_USER is defined, the username+password that is required during an `enable' will be that of the ENABLE_USER.
    The syslog(3) logging facility (LOG_LOCAL6 by default).

  6. Type 'make'.

  7. If there are no major compilation errors (assuming the installation directories are as selected above):

    mkdir /usr/local/xtacacs
    mkdir /usr/local/xtacacs/bin /usr/local/xtacacs/etc
    cp xtacacsd taclast tacupd xpasswd Getpw /usr/local/xtacacs/bin
    cp xtacacsd-conf /usr/local/xtacacs/etc/
    ln -s /usr/local/xtacacs/bin/xtacacsd /etc/
    ln -s /usr/local/xtacacs/etc/xtacacsd-conf /etc/

  8. Edit /usr/local/xtacacs/etc/xtacacsd-conf as per your requirements.

  9. Edit /etc/services and add the following line in case it is not in it already:

    tacacs 49/udp

  10. Edit /etc/inetd.conf and add the following line (the entire string should be on one long line):

    tacacs dgram udp wait root /etc/xtacacsd xtacacsd -c /etc/xtacacsd-conf

    Then restart inetd or else send it a HUP signal so that it re-reads the new configuration file.
    Do NOT run the server in standalone mode except for testing or debugging. This server has been designed so that you will NOT suffer a performance penalty for running out of inetd. It does not exit after processing each request, only after a period of inactivity.

  11. Edit /etc/syslog.conf and add the following line:

    local6.debug /var/log/tacacs

    Set the appropriate directory and file locations here. Then kill and restart syslogd or else send it a HUP signal.

  12. Set up the alternate password files if desired and update the xtacacsd-conf configuration file. Also try using tacping.pl to see if your server works.

  13. If using alternate password files, use "Getpw -c <password file>" to create the DBM database for your passwd file. This will create two files with the extensions .pag and .dir. Recreate these files if you make any changes to the password file (perhaps automatically every 8 hours from the crontab).

  14. Look for all errors in your /var/adm/messages file.
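
The following post-install check is an added example, not part of the xtacacsd distribution. It verifies that the entries from steps 9 to 11 are present and uncommented, and that the DBM files from step 13 are not older than the password file they were built from. The function names and the --check argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-install check for the entries from steps 9-11 and 13.
# Default paths are the ones this guide uses; override them to test elsewhere.
SERVICES=${SERVICES:-/etc/services}
INETD_CONF=${INETD_CONF:-/etc/inetd.conf}
SYSLOG_CONF=${SYSLOG_CONF:-/etc/syslog.conf}

# has_entry FILE FIELD...  True if an uncommented line of FILE starts with
# exactly these whitespace-separated fields (extra trailing fields are allowed).
has_entry() {
    file=$1; shift
    [ -r "$file" ] || return 1
    awk -v want="$*" '
        /^[ \t]*#/ { next }
        { n = split(want, w, " "); ok = (NF >= n)
          for (i = 1; ok && i <= n; i++) if ($i != w[i]) ok = 0
          if (ok) { found = 1; exit } }
        END { exit !found }' "$file"
}

# dbm_fresh PWFILE  True only if PWFILE.pag and PWFILE.dir both exist and the
# password file has not been modified since they were built (step 13).
dbm_fresh() {
    [ -f "$1" ] || return 1
    for ext in pag dir; do
        [ -f "$1.$ext" ] || return 1
        [ -z "$(find "$1" -newer "$1.$ext" 2>/dev/null)" ] || return 1
    done
}

# check_install [PWFILE]  Report each missing piece; non-zero if any is missing.
check_install() {
    rc=0
    has_entry "$SERVICES" tacacs 49/udp ||
        { echo "step 9: no tacacs 49/udp line in $SERVICES"; rc=1; }
    has_entry "$INETD_CONF" tacacs dgram udp wait root /etc/xtacacsd \
        xtacacsd -c /etc/xtacacsd-conf ||
        { echo "step 10: xtacacsd line missing or altered in $INETD_CONF"; rc=1; }
    # Only the selector is checked: the log path is site-specific, and the
    # facility differs if the Makefile default (LOG_LOCAL6) was changed.
    has_entry "$SYSLOG_CONF" local6.debug ||
        { echo "step 11: no local6.debug selector in $SYSLOG_CONF"; rc=1; }
    [ -z "${1:-}" ] || dbm_fresh "$1" ||
        { echo "step 13: $1.pag/.dir missing or older than $1; rerun Getpw -c"; rc=1; }
    return $rc
}

# Runs only when invoked as: sh check.sh --check [PWFILE]  (hypothetical file name)
[ "${1:-}" != "--check" ] || check_install "${2:-}"
```

A stale .pag/.dir pair means the server is still answering from the old password data, so the freshness check is worth running from the same crontab entry that rebuilds the files.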


