Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have customer who controls access to the internet via TACACS server, basically a PIX firewall uses authentication from the TACACS to say if traffic is allowed to pass out of the gateway. I can’t find anything on how to configure a linux client of TACACS authentication only how to set up a linux TACACS server.
For authentication you have supplicant, authenticator and an authentication server. The supplicant is the user and their PC tablet etc, the authenticator is the Firewall and the Authentication server is the TACAC's server.
TACACS protocol is used to pass information between the Authenticator and the Authenication Server. The interaction between the supplicant and the authenticator will be something else. It could be web based auth where the firewall presents a login server, or some method of providing credentials via http, whatever. You most likley need your linux client to emulate the supplicant->authenticator mechanism, not TACACS.
What I'm saying is I don't think you need a TACACs client. I think you need to know what the authentication mechanism is that is used between user and firewall. TACACs operates between Firewall and Auth Server, i.e its a backend process, not something a client would typically interact with directly. You need to know how the PC users are authenticating. Is it a web page they get presented with asking for credentials? Or is it like the password info configure in proxy settings?
i.e. user hits the firewall via HTTP and gets presented with a user/pass screen. User responds, effectively providing credentials via HTTP Post. Its the firewall that then requests via TACACS, authentication of that user from the Auth Server.
Authenticating yourself directly to the TACACS server might be a good test that TACACS is working, but doesn't acheive what you need which is to inform the Firewall that you are allowed through. You see you cut the Firewall out of the process?
You need to find out how users from their PC's provide authentication to the firewall. There are many ways of doing this and you would need to know which it is.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
