MarcJHuber / event-driven-servers

A collection of event-driven servers (currently: tac_plus, tac_plus-ng, ftpd, tcprelay)
https://www.pro-bono-publico.de/projects

Migration from tac_plus version F4.0.4.27a #80

Closed enoch85 closed 9 months ago

enoch85 commented 9 months ago

Hi,

We are running tac_plus version F4.0.4.27a on a Debian server, and are in the process of moving away from that server due to legacy OS etc...

I'm just wondering if there's a good "migration path" to tac_plus-ng? From what I've read, the requirements are different (less), and the config files look a bit different..?

I'm new to TACACS+ so please bear with me. :)

MarcJHuber commented 9 months ago

Hi,

if I remember correctly, tac_plus F4... configuration is pretty close to the original Cisco tac_plus syntax. For migration, I'd start with one of the sample configurations provided and align the obvious "host" and "user" configuration parameters (keys, IP addresses, passwords) and assign users to groups.

Other things are pretty much different. E.g., tac_plus-ng got away with service definitions by using profiles and a basic scripting language to model the authorization flow. I'd have a look at the sample configuration, and the documentation might give a pretty good starting point, too.

All in all, the complexity of migration pretty much depends on the complexity of your existing configuration.

Cheers,

Marc
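An added example, not part of the thread and not code from the project: a sketch of the inventory step implied by the advice above, listing the hosts, users and group memberships of a legacy configuration before they are re-created in tac_plus-ng. It assumes the legacy file uses the Cisco-style `host = ... { }` / `user = ... { }` layout; the sample configuration and every value in it are constructed placeholders, and `inventory` and `migration_notes` are hypothetical helper names.

```python
import re

# Constructed sample, placeholders only. Assumption: Cisco-style tac_plus layout.
SAMPLE = '''
key = "GLOBAL-PLACEHOLDER"
host = 192.0.2.10 {
    key = "HOST-PLACEHOLDER"
}
host = 192.0.2.11 {
    prompt = "login: "
}
group = netadmin {
    default service = permit
}
user = alice {
    login = des PLACEHOLDERHASH
    member = netadmin
}
user = bob {
    login = cleartext "PLACEHOLDER"
}
'''
BLOCK = re.compile(r'^\s*(host|group|user)\s*=\s*(\S+)\s*\{')
ATTR = re.compile(r'^\s*(key|login|member)\s*=\s*(\S+)')

def inventory(text):
    """Collect hosts, groups and users; secrets are never stored."""
    inv = {"global_key": False, "host": {}, "group": {}, "user": {}}
    current, depth = None, 0
    for raw in text.splitlines():
        # Blank out quoted values (keys, passwords) and '#' comments.
        line = re.sub(r'"[^"]*"|#.*', '""', raw)
        block = BLOCK.match(line) if depth == 0 else None
        attr = ATTR.match(line)
        if block:
            current = inv[block.group(1)].setdefault(block.group(2), {})
        elif attr and depth == 0 and attr.group(1) == "key":
            inv["global_key"] = True
        elif attr and depth == 1 and current is not None:
            current[attr.group(1)] = attr.group(2)
        depth += line.count("{") - line.count("}")
        current = current if depth else None
    return inv

def migration_notes(inv):
    """Flag items worth reviewing before they are re-created on the new server."""
    notes = [f"host {h}: no per-host key" for h, a in inv["host"].items() if "key" not in a]
    notes += [f"user {u}: cleartext password" for u, a in inv["user"].items() if a.get("login") == "cleartext"]
    notes += [f"user {u}: no group" for u, a in inv["user"].items() if "member" not in a]
    return notes
```

Only the login method and the presence of a key are recorded, so the resulting inventory can be shared for review without exposing shared secrets or password hashes.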

enoch85 commented 9 months ago

Thanks! Will have a look at this next week.

Keeping this open if further questions arise.