我已将 Redhat Enterprise linux 服务器 5.5 迁移到 IPv6 。现在我想跑塔卡克斯+对于 IPv6。当从我的客户端进行测试时,它返回“无法连接到 IPv6 地址的服务器”,但对于 IPv4,它工作正常。
Linux监听端口快照:
[root@ADA-Linux-Service-2 ~]# netstat -an | grep :49
tcp 0 0 0.0.0.0:49 0.0.0.0:* LISTEN
tacacs 服务启动后,我尝试使用 IPv6 的绑定选项,它返回以下错误:
Reading config
Version F4.0.4.26 Initialized 1
get_socket: bind 49 Address already in use
我不知道如何让 tacacs+ 监听 IPv6 地址。我是否需要创建条目来tac_plus.cfg侦听 IPv6?
答案1
我遇到了这个 linuxquestions 线程,讨论如何为 IPv6 设置 TACACS+,标题为:如何让 TACACS+ 适用于 IPv6 接口。具体来说,您需要将其添加到您的tac_plus.cfg文件中:
id = spawnd {
listen = {address=2001::aaa1 port = 49 }
spawn = {
instances min = 1
instances max = 10
}
该listen行包含 IPv6 IP 地址。您可以使用以下命令确认它是否正常工作:
$ netstat -l
...
tcp6 0 0 2001::aaa1%32175:tacacs [::]:* LISTEN
完整示例 .cfg 文件
id = spawnd {
listen = {address=2001::aaa1 port = 49 }
spawn = {
instances min = 1
instances max = 10
}
background = no
}
id = tac_plus {
debug = PACKET AUTHEN AUTHOR
access log = /hone/tornado/tacacs+/access.log
accounting log = /home/tornado/tacacs+/acct.log
host = world {
address = ::/0
prompt = "Welcome\n"
enable 15 = clear force10
key = testing123
}
group = admin {
default service = permit
service = shell {
default command = permit
default attribute = permit
set priv-lvl = 15
}
}
user = admin {
password = clear admin
member = admin
service = shell {
default command = permit
default attribute = permit
set priv-lvl = 15
}
}
}