请帮助使用 AD 认证的 TACACS(错误:Expected 'service', but got 'servive')

网络工程 TACACS
2021-07-12 09:55:47

您如何在 Ubuntu 16.04 上配置 TACACS+ tac_plus 服务器以针对 Microsoft Active Directory 进行身份验证?

我按照上面的方法运行了所有 tac_plus 命令,但似乎无法解决以下错误:

/usr/local/etc/tac_plus.cfg:49: Expected 'service', but got 'servive'
19500: /usr/local/etc/tac_plus.cfg:49: Expected 'service', but got 'servive'
19500: Detected fatal configuration error. Exiting.

下面是我的配置:

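#!/usr/local/sbin/tac_plus
# tac_plus.cfg: TACACS+ daemon that authenticates users against Active
# Directory through the external MAVIS LDAP helper (mavis_tacplus_ldap.pl).
# The parse failure "Expected 'service', but got 'servive'" reported for
# this file came from the misspelled `default servive = permit` line in
# group ops; it is corrected below.

id = spawnd {
        listen = { port = 49 }
        listen = { port = 4949 }
        # NOTE(review): this entry also binds port 49, like the first
        # listen line; presumably one of the two is redundant -- confirm.
        listen = { address = 0.0.0.0 port = 49 }
        spawn = {
                instances min = 1
                instances max = 10
        }
        background = yes
}

id = tac_plus {
        access log = /var/log/tac_plus/access/%Y/%m/access-%m-%d-%Y.txt
        accounting log = /var/log/tac_plus/accounting/%Y/%m/accounting-%m-%d-%Y.txt
        authentication log = /var/log/tac_plus/authentication/%Y/%m/authentication-%m-%d-%Y.txt

        # AD lookup via the external MAVIS LDAP helper. The bind credential
        # (LDAP_USER / LDAP_PASSWD) is stored in clear text in this file,
        # so keep the file readable only by the account the daemon runs as.
        mavis module = external {
                setenv LDAP_SERVER_TYPE = "microsoft"
                #If you are using Microsoft Global Catalog with secure LDAP (SSL)
                #setenv LDAP_HOSTS = "ldaps://192.168.0.97:3269"
                #If you are using Microsoft Global Catalog with regular LDAP (non-SSL)
                # Plain LDAP on 3268: the bind password and every user lookup
                # cross the network unencrypted. Prefer the ldaps:// form
                # above wherever the domain controller supports it.
                setenv LDAP_HOSTS = "192.168.0.54:3268"
                setenv LDAP_BASE = "DC=xxxxxxx,DC=xxx"
                setenv LDAP_SCOPE = sub
                # %s is replaced by the login name supplied by the client.
                setenv LDAP_FILTER = "(&(objectClass=user)(objectClass=person)(sAMAccountName=%s))"
                setenv LDAP_USER = "tacacs@xxxxx.xxx"
                setenv LDAP_PASSWD = "xxxxxxxx"
                setenv UNLIMIT_AD_GROUP_MEMBERSHIP = 1
                setenv EXPAND_AD_GROUP_MEMBERSHIP = 0
                setenv AD_GROUP_PREFIX = ""
                setenv REQUIRE_TACACS_GROUP_PREFIX = 0
                exec = /usr/local/lib/mavis/mavis_tacplus_ldap.pl
        }

        # All three backends go through MAVIS, i.e. through AD.
        login backend = mavis
        user backend = mavis
        pap backend = mavis

        host = world {
                #Allow any IPv4 device
                # Every source address shares this one key; anything that
                # learns the key can query the server. Narrow the range to
                # the management network where possible.
                address = 0.0.0.0/0
                #address = ::/0
                prompt = "Enter Windows Crendetails.\n"
                key = "xxxxxxxxxx"
        }

        # Operators: anything not explicitly listed is permitted.
        group = ops {
                # Was "default servive = permit" -- the keyword typo that
                # made tac_plus abort at startup.
                default service = permit
                login = PAM
                service = shell {
                        default command = permit
                        default attribute = permit
                        set priv-lvl = 15
                }
        }

        # NOC: deny by default, then allow-list individual commands.
        # Each `permit .*` allows every argument form of that command.
        group = noc {
                default service = deny
                login = PAM
                service = exec {
                        priv-lvl = 15
                }
                cmd = show {
                        permit .*
                }
                cmd = exit {
                        permit .*
                }
                cmd = quit {
                        permit .*
                }
                cmd = ping {
                        permit .*
                }
                cmd = traceroute {
                        permit .*
                }
                cmd = end {
                        permit .*
                }
        }

        ### USER DEFINITION ###
        user = khensani.baloyi {
                member = ops
        }
}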
1个回答

你把 service 拼错了:

`default servive = permit`(应为 `default service = permit`)