Wednesday, 7 September 2016

TACACS+ on Linux (Cisco/Active Directory)

This note is about running a TACACS+ service on Linux with Active Directory authentication for Cisco devices.
It is nothing exclusive, just yet another set of instructions.

Assume that Ubuntu Server is already installed (16.04.1 in my case).
Download the development version of tac_plus from pro-bono-publico.de rather than the package from the Ubuntu repositories; it is the one that ships the MAVIS backends used below:

wget http://www.pro-bono-publico.de/projects/src/DEVEL.tar.bz2

Installation is simple enough: decompress, configure, make and install. My own suggestion: use checkinstall instead of make install, so the result is a package you can remove or upgrade cleanly.
Here are the original instructions:

Once the installation is finished, install the Perl module the MAVIS LDAP backend needs; on Ubuntu the package is called libnet-ldap-perl.

Next you need a configuration. You can start from the sample shipped in the archive:

cp /usr/local/etc/mavis/sample/tac_plus.cfg /usr/local/etc/

or just use mine:

id = spawnd {
        listen = { port = 49 }
        spawn = {
                instances min = 1
                instances max = 10
        }
        background = yes
}

id = tac_plus {
        # logging
        access log = ">/var/log/tac_plus/access/%Y%m%d.log"
        accounting log = ">/var/log/tac_plus/acct/%Y%m%d.log"

        # Active Directory
        mavis module = external {
                setenv LDAP_SERVER_TYPE = "microsoft"
                setenv LDAP_HOSTS = ""                  # IP address of the AD server
                setenv LDAP_SCOPE = sub
                setenv LDAP_BASE = "dc=domain,dc=name"  # domain.name
                setenv LDAP_FILTER = "(&(objectclass=user)(sAMAccountName=%s))"
                setenv LDAP_USER = "user@domain.name"   # account that can read the AD tree
                setenv LDAP_PASSWD = "user_password"    # stored in clear: keep this file readable by root only
                setenv REQUIRE_TACACS_GROUP_PREFIX = 1  # only AD groups named tacacs* are considered
                exec = /usr/local/lib/mavis/mavis_tacplus_ldap.pl
        }

        login backend = mavis
        user backend = mavis
        pap backend = mavis

        host = world {
                address = ::/0                          # any client that knows the key; narrow this to the management network
                welcome banner = "Welcome\n"
                enable 15 = clear secret                # enable password for level 15, in clear text
                key = "TACACSSECRET"
        }

        # ADMIN GROUP
        group = admin {
                message = "[Admin privileges]"
                default service = permit
                service = shell {
                        default command = permit
                        default attribute = permit
                        set priv-lvl = 15
                }
        }
}



Make sure the group tacacsadmin exists in Active Directory and that your administrators are members of it. With REQUIRE_TACACS_GROUP_PREFIX = 1 the mavis script only looks at AD groups whose name starts with the prefix tacacs and strips that prefix, so membership in tacacsadmin is what maps a user to the admin group above, and a user in no tacacs* group is not let in.

Check that the LDAP lookup works before pointing any device at the server. mavistest takes the config file, the id of the tac_plus section, the MAVIS context (TACPLUS), then a user from the tacacsadmin group and that user's password:

/usr/local/bin/mavistest /usr/local/etc/tac_plus.cfg tac_plus TACPLUS user_from_group user's_password
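mavistest only exercises the LDAP side. To test the whole path the way a router will (TCP port 49, shared key, PAP login), here is a minimal TACACS+ client; it is an added example written for this note, not code from the original post or from the tac_plus project. It implements the RFC 8907 header, the MD5 pseudo-pad body obfuscation and a PAP authentication START/REPLY exchange. It assumes the server from the config above (port 49, key "TACACSSECRET"); the port name "tty0", the rem_addr "127.0.0.1" and the script name are made up for the example.

```python
"""Minimal TACACS+ (RFC 8907) PAP login client for checking a tac_plus server.

Added example, not part of the original post or of tac_plus itself. Assumes the
server configured above: TCP port 49, key "TACACSSECRET". The port name and
rem_addr sent in the START packet are arbitrary values chosen for the example.
"""
import hashlib
import os
import socket
import sys

VERSION = 0xC1            # major 0xc, minor 1: a PAP START carries the password in 'data'
TYPE_AUTHEN = 0x01
FLAG_UNENCRYPTED = 0x01
ACTION_LOGIN, AUTHEN_TYPE_PAP, SERVICE_LOGIN = 0x01, 0x02, 0x01
REPLY_STATUS = {1: "PASS", 2: "FAIL", 3: "GETDATA", 4: "GETUSER", 5: "GETPASS",
                6: "RESTART", 7: "ERROR", 0x21: "FOLLOW"}


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5: pad_1 = MD5(session_id|key|version|seq_no),
    pad_n = MD5(session_id|key|version|seq_no|pad_n-1); concatenated, then truncated."""
    seed = session_id.to_bytes(4, "big") + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; symmetric, so the same call deobfuscates.
    This is obfuscation keyed on a static shared secret, not encryption: anyone
    holding the key (or able to brute-force it offline from a capture) reads every
    password that crosses the wire."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))


def build_packet(ptype, seq_no, session_id, body, key):
    """12-byte header: version, type, seq_no, flags, session_id(4), length(4)."""
    header = (bytes([VERSION, ptype, seq_no, 0]) + session_id.to_bytes(4, "big")
              + len(body).to_bytes(4, "big"))
    return header + obfuscate(body, session_id, key, VERSION, seq_no)


def authen_start_pap(user, password, port="tty0", rem_addr="127.0.0.1", priv_lvl=1):
    """Authentication START body for a PAP login: action, priv_lvl, authen_type,
    authen_service, four length bytes, then user, port, rem_addr and data (the password)."""
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), password.encode()
    fixed = bytes([ACTION_LOGIN, priv_lvl, AUTHEN_TYPE_PAP, SERVICE_LOGIN,
                   len(u), len(p), len(r), len(d)])
    return fixed + u + p + r + d


def parse_authen_reply(body):
    """REPLY body: status(1) flags(1) server_msg_len(2) data_len(2) server_msg data."""
    status = body[0]
    msg_len = int.from_bytes(body[2:4], "big")
    server_msg = body[6:6 + msg_len].decode(errors="replace")
    return REPLY_STATUS.get(status, f"UNKNOWN({status})"), server_msg


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def pap_login(host, key, user, password, port=49, timeout=5):
    """One START/REPLY exchange. Returns (status, server_msg)."""
    session_id = int.from_bytes(os.urandom(4), "big")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_packet(TYPE_AUTHEN, 1, session_id, authen_start_pap(user, password), key))
        hdr = recv_exact(s, 12)
        version, seq_no, flags = hdr[0], hdr[2], hdr[3]
        sid = int.from_bytes(hdr[4:8], "big")
        body = recv_exact(s, int.from_bytes(hdr[8:12], "big"))
        if not flags & FLAG_UNENCRYPTED:
            body = obfuscate(body, sid, key, version, seq_no)
        return parse_authen_reply(body)


if __name__ == "__main__":
    # usage: python3 tacacs_check.py <server> <user> <password> [key]
    host, user, password = sys.argv[1:4]
    key = (sys.argv[4] if len(sys.argv) > 4 else "TACACSSECRET").encode()
    print(pap_login(host, key, user, password))
```

A PASS for a member of tacacsadmin and a FAIL for everyone else means the chain tac_plus -> mavis -> AD works. Note what the script demonstrates about the host block: with address = ::/0 and the key in a text file, any machine that learns the key gets exactly this exchange, so restrict the address to the management subnet and keep tac_plus.cfg readable by root only.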

Friday, 27 November 2015

Linux LVM Root VG extension

# fdisk -l
See the new size of /dev/sda, which we just extended, or the new disks we just presented (/dev/sdb, /dev/sdc, etc.)
# fdisk /dev/sda
Create a new partition for the OS to use (partition type 8e, Linux LVM). It will be added to the VG so we can extend the LV that "/" lives on. My newly created partition in this example is /dev/sda3. For new disks you would use /dev/sdb or /dev/sdc instead. If you extended the in-use /dev/sda like I did, the kernel will not pick up the new partition table on its own: run partprobe /dev/sda or partx -a /dev/sda, and reboot only if that still shows the old table
# fdisk -l
See the new partition
# pvdisplay
View the current physical volumes (PVs)
# pvcreate /dev/sda3
Mark the new partition as a PV so LVM can use it. Double-check the device name first: pvcreate on the wrong partition destroys what is on it
# pvdisplay
See the new PV /dev/sda3
# vgdisplay
View the current volume groups
# vgextend VolumeGroupName /dev/sda3
Add the new PV /dev/sda3 to the existing VG VolumeGroupName
# vgdisplay
Now you can see the new size of the VG VolumeGroupName. Note the new number of free PEs (physical extents); that is what you can hand to the LV
# lvdisplay
View the current LVs. In my example the root LV is /dev/VolumeGroupName/lv_root
# lvextend -l +2559 /dev/VolumeGroupName/lv_root
Now make the LV larger. This grows /dev/VolumeGroupName/lv_root by 2559 PEs, the free PE count vgdisplay reported above; lvextend -l +100%FREE gives it everything that is free without copying the number by hand
# lvdisplay
Now you can see the larger size of the LV
# resize2fs /dev/VolumeGroupName/lv_root
Grow the filesystem on that LV online (resize2fs is for ext2/ext3/ext4; an XFS root is grown with xfs_growfs / instead). Adding -r to the lvextend command above performs this step automatically
# df -h
You can see the new size now using df
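The same procedure as a script, with the two checks that the bare command list leaves to the operator: refusing to pvcreate over a device that already carries a signature, and choosing the grow tool from the root filesystem type instead of assuming ext4. This is an added example written for this note, not the post's own commands; it reuses the post's names (/dev/sda3, VolumeGroupName, /dev/VolumeGroupName/lv_root) and calls only stock lvm2, util-linux, e2fsprogs and xfsprogs tools. The vgs output in the comments is constructed for illustration.

```python
"""Plan and run a root-LV extension with the checks the bare command list leaves out.

Added example, not from the original post. Uses the post's device and VG names
by default; the commands are stock lvm2 (vgs, pvcreate, vgextend, lvextend),
util-linux (blkid, findmnt), e2fsprogs (resize2fs) and xfsprogs (xfs_growfs).
Needs root; dry-run is the default so the plan can be read before anything runs.
"""
import subprocess
import sys

VGS_FIELDS = "vg_name,vg_free_count,vg_extent_size"


def parse_vgs(output):
    """Parse `vgs --noheadings --separator '|' --units m --nosuffix -o vg_name,vg_free_count,vg_extent_size`.
    A constructed sample line looks like "  VolumeGroupName|2559|4.00"."""
    vgs = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        name, free_pe, pe_size = (f.strip() for f in line.split("|"))
        vgs[name] = {"free_pe": int(free_pe), "pe_size_mb": float(pe_size)}
    return vgs


def free_mb(vgs, vg_name):
    """Unallocated space in MB: free extents times extent size (what 'lvextend -l +N' can take)."""
    vg = vgs[vg_name]
    return vg["free_pe"] * vg["pe_size_mb"]


def grow_fs_command(fstype, lv_path, mountpoint="/"):
    """resize2fs grows ext2/3/4 online by device; XFS is grown by mountpoint with
    xfs_growfs; anything else is refused rather than guessed at."""
    if fstype in ("ext2", "ext3", "ext4"):
        return ["resize2fs", lv_path]
    if fstype == "xfs":
        return ["xfs_growfs", mountpoint]
    raise ValueError(f"no online grow command known for {fstype!r}")


def plan_extension(new_pv, vg_name, lv_path, fstype, mountpoint="/", existing_signature=""):
    """Return the commands to run, in order. Refuses to pvcreate over a device that
    already has a filesystem or LVM signature (a mistyped partition number would
    otherwise wipe it). '+100%FREE' hands every free extent to the LV, so the PE
    count from vgdisplay does not have to be copied by hand."""
    if existing_signature:
        raise RuntimeError(f"{new_pv} already carries a {existing_signature} signature, refusing to pvcreate")
    return [
        ["pvcreate", new_pv],
        ["vgextend", vg_name, new_pv],
        ["lvextend", "-l", "+100%FREE", lv_path],
        grow_fs_command(fstype, lv_path, mountpoint),
    ]


def sh(argv, check=True):
    return subprocess.run(argv, check=check, capture_output=True, text=True).stdout.strip()


def extend_root(new_pv, vg_name, lv_path, dry_run=True):
    # blkid -p probes the device directly (no cache); exit status 2 and empty output mean "no signature"
    signature = sh(["blkid", "-p", "-o", "value", "-s", "TYPE", new_pv], check=False)
    fstype = sh(["findmnt", "-no", "FSTYPE", "/"])
    plan = plan_extension(new_pv, vg_name, lv_path, fstype, "/", signature)
    for argv in plan:
        print(("dry-run: " if dry_run else "running: ") + " ".join(argv))
        if not dry_run:
            subprocess.run(argv, check=True)
    report = parse_vgs(sh(["vgs", "--noheadings", "--separator", "|", "--units", "m",
                           "--nosuffix", "-o", VGS_FIELDS]))
    print(f"{vg_name}: {free_mb(report, vg_name):.0f} MB still unallocated")
    return plan


if __name__ == "__main__":
    # usage: sudo python3 extend_root.py /dev/sda3 VolumeGroupName /dev/VolumeGroupName/lv_root [--run]
    pv, vg, lv = sys.argv[1:4]
    extend_root(pv, vg, lv, dry_run="--run" not in sys.argv[4:])
```

With 4 MB extents the post's 2559 free PEs are about 10 GB, which the script reports before and after from vgs so the numbers can be sanity-checked; run it once without --run, read the plan, then run it for real.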