
metallica1973 09-18-2013 11:24 AM

Linux Client To Authenticate using TACACS
I have a customer who controls access to the internet via a TACACS server; basically a PIX firewall uses authentication from the TACACS to say if traffic is allowed to pass out of the gateway. I can't find anything on how to configure a Linux client for TACACS authentication, only how to set up a Linux TACACS server.

baldy3105 09-18-2013 12:37 PM

For authentication you have a supplicant, an authenticator and an authentication server. The supplicant is the user and their PC, tablet, etc., the authenticator is the Firewall and the Authentication server is the TACACS server.

The TACACS protocol is used to pass information between the Authenticator and the Authentication Server. The interaction between the supplicant and the authenticator will be something else. It could be web-based auth where the firewall presents a login server, or some method of providing credentials via HTTP, whatever. You most likely need your Linux client to emulate the supplicant->authenticator mechanism, not TACACS.

metallica1973 09-18-2013 04:41 PM

Thank you for the reply. What clients are there? This is about the closest that I have come:

baldy3105 09-19-2013 03:34 PM

What I'm saying is I don't think you need a TACACS client. I think you need to know what the authentication mechanism is that is used between user and firewall. TACACS operates between Firewall and Auth Server, i.e. it's a backend process, not something a client would typically interact with directly. You need to know how the PC users are authenticating. Is it a web page they get presented with asking for credentials? Or is it like the password info configured in proxy settings?

I.e. the user hits the firewall via HTTP and gets presented with a user/pass screen. The user responds, effectively providing credentials via HTTP POST. It's the firewall that then requests, via TACACS, authentication of that user from the Auth Server.

Authenticating yourself directly to the TACACS server might be a good test that TACACS is working, but doesn't achieve what you need, which is to inform the Firewall that you are allowed through. You see you cut the Firewall out of the process?

You need to find out how users from their PCs provide authentication to the firewall. There are many ways of doing this and you would need to know which it is.
