Subject: RARE user and assistance email list
List archive
- From: Piotr Boguszewski <>
- To:
- Subject: [RARE-users] freeRtr AV pairs documentation
- Date: Wed, 2 Aug 2023 00:03:17 +0200
- Organization: non profit
- Ui-outboundreport: notjunk:1;M01:P0:4UUrQCp3nUA=;UE3xlofJ9qs/x9sORfuGOVK5QDU rMXv73ObVxLSgHgU7bCbT5aqZFUa4+Ba6nGfBzZD1Xg8tPaLql4w5r5wI9lZPujwY5EyrrptT cD4BSu0lqgsmBe6c8C+7TLKKg9MHqTGBxvsVRkecX1wPD4xAEb76VbueW/hNRg7ygq4KxZE0o NYYPAVbixEgxUKFqZcAIZqE5gUOubltXjDUUJEJJgtB8BBcMsZccfuBXDZ5JfK3xlzUvx6MuY RhIOsJMUQutaua3mzkw8Xf5W+ZfW5uCFF/DtDJ6J6RFsMuUXfyXKRNGKU7HfmghjABi0a8oSf xmsoRXsAVv0G3OGD/4mnPnInCS7J53qrxT96UwyW4vjucqLE3qFDqgC2jqpXrkpLB7QFYYS6p Wm4ABe//HQfzK9vjZfet7KOimSVlG52cMIG/BTnYidD411puk5955c904KxqFLrjeVgSXeDgE c2a8O8odby6qlU4tyJ1278IR6wl4KGxsgxq2rOOovNOCI1rM6ypAxsceEE8+k1MIpRxTLlapE aHDH5LQG1RKcSLieyZ3jwP6XSRpM4JvrrQuWqD42QRd2lkFsOiQ2wYbl7Bnd22OYA7giuvqqG 0hYdli3n1xaMS2aRv9ohi6mpVaxBEF1+p5I9lTEuL07tk9+Nje4YZAPA5LedIAgY6OP2jbYMU uDS6wedTWK2xbeAZ7TLqjXTjKSor50oIyUtiMlwbjnW/D0tfbN8jFY0GcQ6zbfMyft1ldEck+ 9zBnDjiVjVFkpk82fzwIs9w1UADbPaYFl6+10YEuYMp7T7ZJsOoMhTf/ySxivvHWyZ6W0uy8y 0t6rMx1DwMVh0WZkDIqW6681C6mgtoQNnLaXEgvYG0t/PLskmr9HUqXkCXf3viXvy1eFMarit JE6beIgOFIO2qc8S5uewywTWEthkPmEaB4ECnAUtzo4Z5y2Y5p1WLA5hVaDQvLlctvnJoIwxw NLZ3h9Tg5AeUiDVGdxYFbuxDIDM=
Hi,
I have been trying to configure AAA authorization using freeRtr.
Shown example works for command authorization configured locally, the
authentication works using external AAA appliance TACACS+NG.
-------------------------------------------
R104#show running-config aaa
aaa tacacs AAA-1
secret $v10$MTIzLW15X3RhY2Fjc19rZXk=
server 192.0.2.1
exit
aaa userlist AAA-command
allowed show .*
allowed exit
allowed logout
allowed differs .*
allowed view .*
allowed display .*
allowed watch .*
allowed terminal .*
allowed game .*
exit
R104#show running-config server telnet R104-T
server telnet R104-T
security protocol telnet
exec authorization AAA-command
login authentication AAA-1
vrf v1
exit
!
R104#show aaa ?
<name> - aaa list
AAA-1 - aaa list
AAA-command - aaa list
R104#show aaa AAA-1
reply times ago last
ok 9 00:01:11 2023-08-01 21:56:51
fail 2 00:27:13 2023-08-01 21:30:49
error 0 never 1970-01-01 00:00:00
R104#show aaa AAA-command
reply times ago last
ok 6 00:00:00 2023-08-01 21:58:06
fail 1 00:00:52 2023-08-01 21:57:14
error 0 never 1970-01-01 00:00:00
user times ago last
R104#show users
user from since
cisco telnet ethernet1 23 -> 10.100.100.10 47464 00:01:48
<nobody> tty1 00:02:17
-------------------------------------------
I would like to move the command authorization to a TACACS+ daemon.
I did not find documentation about this topic, nothing of use.
Also I do not know if command authorization would be working with
freeRtr.
Is there something similar for documentation like this for freeRtr,
regarding AV pairs and TACACS+ or RADIUS like this document here:
https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115926-tacacs-radius-devices-00.html
Thanks.
Piotr B.
- [RARE-users] freeRtr AV pairs documentation, Piotr Boguszewski, 08/01/2023
- Re: [RARE-users] freeRtr AV pairs documentation, Frédéric LOUI, 08/07/2023
Archive powered by MHonArc 2.6.24.