Showing posts from October, 2022

TACACS+ Installation on Linux [CentOS]

TACACS+ Installation on CentOS: In the example below I will show you how to install tac_plus on a CentOS server. There's an RPM available, so this will save you the hassle of compiling the source code yourself. Let's add the repository first:

    [root@server ~]# cd /etc/yum.repos.d/
    [root@server yum.repos.d]# vim nux-misc.repo

We will create a new repository file where we can grab tac_plus. This is what you should enter:

    [nux-misc]
    name=Nux Misc
    baseurl=http://li.nux.ro/download/nux/misc/el6/x86_64/
    enabled=0
    gpgcheck=1
    gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

Save the file and install tac_plus with the following command:

    [root@server ~]# yum --enablerepo=nux-misc install tac_plus

That's all you need to do. All configuration is done from a single config file. Let's take a look at its contents:

    [root@server /]# vim /etc/tac_plus.conf

You will see a lot of things in this default configuration file. Let me walk you through some of the fields. The first thing you see is a key,

TACACS+ integration with Fortigate Firewall

1. Add the TACACS+ server to the FortiGate using the following commands on the CLI:

    config user tacacs+
        edit <server name>
            set authorization enable
            set server <server ip>
            set key <server key>
            set authen-type chap
        next
    end

The auto config doesn't work with TACACS+ so you have to set the authentication type as "chap". You'll find the server key in the configuration file of your TACACS+ server.

2. Create a user group and add the server as a member:

    config user group
        edit <tacacs+ group name>
            set member <server name>
        next
    end

With this method, any user who has an account on the remote server can authenticate.

Note: Another method would be to create TACACS+ user accounts directly on your FortiGate. In this case, you have to specify which TACACS+ server you want to use for each user you create:

    config user local
        edit <user name>
            set type tacacs+
            set tacacs+-s