authentication using radius backend

107 views

Skip to first unread message

Konrad

unread,

Oct 25, 2023, 7:19:29 AM10/25/23

to Event-Driven Servers

Hello All,

i'm installing tacacs using a 2fa with a duo-proxy. this proxy wants a user with a password string : password,yubikey-top"

however, it should work as a radius server
2023-10-25 10_54_27-Duo Two-Factor Authentication with RADIUS and Primary Authentication _ Duo Secur.png

Duo Two-Factor Authentication with RADIUS and Primary Authentication | Duo Security

i already configuret a secret and a ip for the auth.

now my tacacs conf:

#!../../../sbin/tac_plus

id = spawnd {
listen = { port = 49 }
spawn = {
instances min = 1
instances max = 10
}
background = no
}

id = tac_plus {
debug = PACKET AUTHEN AUTHOR

access log = /tmp/access.log
authorization log = /tmp/author.log
accounting log = /tmp/acct.log

#----- mavis backend -----
mavis module = tacinfo_cache {
directory = /tmp/tacinfo
}

mavis module = external {
exec = /usr/local/lib/mavis/mavis_tacplus_radius.pl
setenv RADIUS_HOST = 10.250.10.62:1812
setenv RADIUS_SECRET = "3UdkX39KaOy0sUfuDePF9DFKLUM9XxeH"
setenv RADIUS_GROUP_ATTR = Class
setenv RADIUS_PASSWORD_ATTR = Password
}

user backend = mavis
login backend = mavis
pap backend = mavis

#----- global settings -----
host = world {
address = ::/0
prompt = "Willkommen bei meiner Projektarbeit!"
enable 15 = clear secret
key = [secretforswitch]
}

#----- groups -----
group = admin {
service = shell {
default command = permit
set priv-lvl = 15
default attribute = permit
}
}

#----- user ------
user = myuser {
member = admin
}
}

unfortunatly i cant see a incoming auth on my duo-proxy.

using the radmavis external modul is not a option since i cant locate it under /usr/local/sbin

i hope you can help me. Thank you!

Konrad

Reply all

Reply to author

Forward

0 new messages