rare-users - [RARE-users] freeRtr AV pairs documentation

Subject: RARE user and assistance email list

  • From: Piotr Boguszewski <>
  • To:
  • Subject: [RARE-users] freeRtr AV pairs documentation
  • Date: Wed, 2 Aug 2023 00:03:17 +0200
  • Organization: non profit

Hi,

I have been trying to configure AAA authorization using freeRtr.
The example shown works for command authorization configured locally; the
authentication works using an external AAA appliance, TACACS+NG.

-------------------------------------------

R104#show running-config aaa
aaa tacacs AAA-1
secret $v10$MTIzLW15X3RhY2Fjc19rZXk=
server 192.0.2.1
exit
aaa userlist AAA-command
allowed show .*
allowed exit
allowed logout
allowed differs .*
allowed view .*
allowed display .*
allowed watch .*
allowed terminal .*
allowed game .*
exit

R104#show running-config server telnet R104-T
server telnet R104-T
security protocol telnet
exec authorization AAA-command
login authentication AAA-1
vrf v1
exit
!

R104#show aaa ?
<name> - aaa list
AAA-1 - aaa list
AAA-command - aaa list

R104#show aaa AAA-1
reply times ago last
ok 9 00:01:11 2023-08-01 21:56:51
fail 2 00:27:13 2023-08-01 21:30:49
error 0 never 1970-01-01 00:00:00


R104#show aaa AAA-command
reply times ago last
ok 6 00:00:00 2023-08-01 21:58:06
fail 1 00:00:52 2023-08-01 21:57:14
error 0 never 1970-01-01 00:00:00

user times ago last

R104#show users
user from since
cisco telnet ethernet1 23 -> 10.100.100.10 47464 00:01:48
<nobody> tty1 00:02:17

-------------------------------------------

I would like to move the command authorization to a TACACS+ daemon.
I did not find any documentation about this topic, nothing of use.
Also, I do not know if command authorization would work with
freeRtr.

Is there documentation for freeRtr regarding AV pairs and TACACS+ or
RADIUS, similar to this document:
https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115926-tacacs-radius-devices-00.html

Thanks.

Piotr B.



