hi guys,
I just completed testing and configuring tac_plus on Centos. I have been testing my configs with network equipments (Cisco) for authentication, authorization and accounting and all services work well.
My problem: when i start tac_plus using the following command
/usr/sbin/tac_plus -C test_file3 -d 40
All tacss_plus logs are sent to /var/log/tac_plus.log
When I start tac_plus using the following command.
/etc/init.d/tac_plus start|restart|reload
logs are sent to /var/log/messages.
How can I change and have all logs to be sent to /var/log/tac_plus.log when using */etc/init.d/tac_plus*
My tac_plus.conf file.
Quote:
# Set up accounting file if enabling accounting on NAS
accounting file = /var/log/tac.log
# Enable password setup for everyone:
user = $enable$ {
login = cleartext "cisco"
}
# Group listings must be first:
group = admin {
# Users in group 'admin' have cleartext password
login = cleartext "admin"
expires = "Dec 31 1999"
}
group = operators {
# Users in group 'operators' have cleartext password
login = cleartext "operator"
expires = "Dec 31 1999"
}
group = transients {
# Users in group 'transient' have cleartext password
login = cleartext "transient"
expires = "Dec 31 1999"
}
# This user is a member of group 'admin' & uses that group's password to log in.
# The $enable$ password is used to enter enable mode. The user can perform all commands.
user = authenuser {
default service = permit
member = admin
}
# This user is limitted in allowed commands when aaa authorization is enabled:
user = telnet {
login = cleartext "telnet"
cmd = telnet { permit .* }
cmd = logout { permit .* } }
# user = transient {
# member = transients
# service = exec {
# When transient logs on to the NAS, he's immediately
# zipped to another site # autocmd = "telnet #.#.#.#" # } # }
# This user is a member of group 'operators' # & uses that group's password to log in
user = authenuser {
member = operators
# Since this user does not have 'default service = permit' when command
# authorization through TACACS+ is on at the router, this user's commands
# are limited to:
cmd = show { permit ver permit ip }
cmd = traceroute { permit .* }
cmd = logout { permit .* }
}
|