TACACS on IPv6

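I have migrated my Red Hat Enterprise Linux Server 5.5 to IPv6. Now I want to run TACACS+ over IPv6. When I test from my client, it returns "Unable to connect to server for IPv6 address", but over IPv4 it works fine.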

Snapshot of the listening ports on Linux:

[root@ADA-Linux-Service-2 ~]# netstat -an | grep :49
tcp        0      0 0.0.0.0:49                  0.0.0.0:*                   LISTEN

After the tacacs service had started, I tried the bind option for IPv6, and it returned the following error:

Reading config
Version F4.0.4.26 Initialized 1
get_socket: bind 49 Address already in use

I don't know how to make tacacs+ listen on an IPv6 address. Do I need to create an entry in tac_plus.cfg to listen on IPv6?

Answer 1

I came across this linuxquestions thread discussing how to set up TACACS+ for IPv6, titled: How to make TACACS+ work for IPv6 interface. Specifically, you need to add this to your tac_plus.cfg file:

id = spawnd {
  listen = {address=2001::aaa1 port = 49 }
  spawn = {
    instances min = 1
    instances max = 10
  }
}

The listen line contains the IPv6 address. You can confirm that it is working with the following command:

$ netstat -l
...
tcp6 0 0 2001::aaa1%32175:tacacs [::]:* LISTEN

Full example .cfg file

id = spawnd {
  listen = {address=2001::aaa1 port = 49 }
  spawn = {
    instances min = 1
    instances max = 10
  }
  background = no
}

id = tac_plus {
  debug = PACKET AUTHEN AUTHOR

  access log = /home/tornado/tacacs+/access.log
  accounting log = /home/tornado/tacacs+/acct.log

  host = world {
    address = ::/0
    prompt = "Welcome\n"
    enable 15 = clear force10
    key = testing123
  }
  group = admin {
    default service = permit
    service = shell {
      default command = permit
      default attribute = permit
      set priv-lvl = 15
    }
  }
  user = admin {
    password = clear admin
    member = admin
    service = shell {
      default command = permit
      default attribute = permit
      set priv-lvl = 15
    }
  }
}
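
The example config above accepts every IPv6 client (`address = ::/0`) and keeps its key and passwords in clear text. The following check is an added example, not part of the original answer or of the tac_plus project; it flags those settings before such a file leaves the lab. The function names and the 16-character minimum key length are assumptions.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the example config shown above.
SAMPLE_CFG = """\
id = spawnd {
  listen = {address=2001::aaa1 port = 49 }
}
id = tac_plus {
  host = world {
    address = ::/0
    enable 15 = clear force10
    key = testing123
  }
  user = admin {
    password = clear admin
  }
}
"""

CLEAR = re.compile(r"^\s*(password|enable(?:\s+\d+)?)\s*=\s*clear\b")
ADDR = re.compile(r"^\s*address\s*=\s*(\S+)")
KEY = re.compile(r"^\s*key\s*=\s*(\S+)")

def is_any_address(value):
    """True for ::/0, 0.0.0.0/0 and any other zero-length prefix."""
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return False

def audit(cfg, min_key_len=16):  # min_key_len is an assumed policy value
    """Return (line_no, enclosing_block, finding) for each lab-grade setting."""
    findings, stack = [], []
    for no, line in enumerate(cfg.splitlines(), 1):
        where = stack[-1] if stack else "top level"
        if (m := ADDR.match(line)) and where.startswith("host") and is_any_address(m.group(1)):
            findings.append((no, where, "host block matches every client address"))
        elif m := CLEAR.match(line):
            findings.append((no, where, f"{m.group(1)} secret stored in cleartext"))
        elif (m := KEY.match(line)) and len(m.group(1)) < min_key_len:
            findings.append((no, where, f"shared key shorter than {min_key_len} characters"))
        # Track brace nesting so each finding names the block it sits in.
        delta = line.count("{") - line.count("}")
        for _ in range(max(delta, 0)):
            stack.append(" ".join(line.split("{")[0].replace("=", " ").split()))
        del stack[len(stack) - max(-delta, 0):]
    return findings
```

Calling `audit(open("tac_plus.cfg").read())` on a real file returns an empty list when none of the three patterns is present.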
