server - Tacacs GUI 上的 tac_plus.cfg 出现错误“/opt/tacacsgui/tac_plus.cfg_test:47: Unrecognized keyword 'host'”
问题描述
应用我的 Tacacs GUI 配置时出现错误。同样的配置我在 localhost 上换用另一台服务器试过,可以正常工作,但在我的第一台 tacacs 服务器上不行:
/opt/tacacsgui/tac_plus.cfg_test:47: Unrecognized keyword 'host'
请帮我解决这个问题,这是我的 tac_plus.cfg :
# spawnd section: defines the listener that accepts TACACS+ connections.
id = spawnd {
####SPAWND####
# Only a port is configured; no bind address is given.
# NOTE(review): presumably this listens on every interface. Confirm, and
# limit TCP/49 to the managed devices with a host or network firewall.
listen = { port = 49 }
} ##END OF SPAWND
# tac_plus section: logging, the MAVIS authentication backend, device (host)
# definitions, user groups and users.
# NOTE(review): this listing contains the TACACS+ shared key and the enable
# password in clear text, with one value reused for every device, template
# and group. Once a config has been published those secrets should be
# rotated; redact them before sharing a config.
id = tac_plus { ##START GLOBAL CONFIGURATION
####GENERAL CONFIGURATION####
###MANUAL CONFIGURATION START###
# Each destination starts with "|", so log records are piped to the parser
# script instead of being written to a file.
# NOTE(review): the script is started by the daemon. Keep the script and
# its directory writable by root only.
log = accounting_log {
destination = "| /opt/tacacsgui/parser/tacacs_parser.sh accounting"
log separator = "|!|"}
log = authentication_log {
destination = "| /opt/tacacsgui/parser/tacacs_parser.sh authentication"
log separator = "|!|"}
log = authorization_log {
destination = "| /opt/tacacsgui/parser/tacacs_parser.sh authorization"
log separator = "|!|"}
###MANUAL CONFIGURATION END###
# Bind the three log targets defined above to their event types.
accounting log = accounting_log
authentication log = authentication_log
authorization log = authorization_log
connection timeout = 600
context timeout = 3600
# Password prompts are limited to a single attempt.
# NOTE(review): presumably per session. Confirm this and the unit of
# "password backoff" against the tac_plus documentation.
password max-attempts = 1
password backoff = 1
separation tag = "*"
skip conflicting groups = yes
skip missing groups = yes
####MAVIS GENERAL SETTINGS####
# User lookup, login (with password change) and PAP are all delegated to MAVIS.
user backend = mavis
login backend = mavis chpass
pap backend = mavis
# The MAVIS module is an external program, so that program decides who
# authenticates.
# NOTE(review): keep app.php root-owned and not writable by the web
# application account. Verify on the server.
mavis module = external {
exec = /opt/tacacsgui/mavis/app.php
} #END OF MAVIS GLOBAL SETTINGS
####LIST OF ACL####
####LIST OF DEVICE GROUPS####
# NOTE(review): the reported parser error (line 47, keyword 'host') must
# refer to one of the host lines below. This paste appears to have lost its
# original whitespace, so match the line number against the file on disk.
host = defaultGroup {
welcome banner = "Unauthorized access is prohibited!"
motd banner = "Today is a perfect day! Have a nice day!"
failed authentication banner = "Go away! Unauthorized access is prohibited!"
} #END OF defaultGroup
# Template for devices: shared key, enable password and default user group.
# "enable = clear" stores the enable password unhashed; tac_plus also
# accepts a crypt hash in this position.
host = datacomm {
key = "telkomcel"
enable = clear telkomcel
default group = datacomm_full
} #END OF datacomm
host = servicesolution {
key = "telkomcel"
enable = clear telkomcel
} #END OF servicesolution
####LIST OF HOSTS####
# Each device is matched by a /32 address, i.e. exactly one IP, and refers
# to one of the templates above. key/enable repeat the template's values.
host = SW-CORE2 {
address = "192.168.101.12/32"
key = "telkomcel"
enable = clear telkomcel
template = datacomm
} #END OF SW-CORE2
host = PE2-INET-AIM {
address = "192.168.101.10/32"
key = "telkomcel"
enable = clear telkomcel
template = servicesolution
} #END OF PE2-INET-AIM
host = SRDLI02 {
address = "192.168.101.14/32"
key = "telkomcel"
enable = clear telkomcel
template = datacomm
} #END OF SRDLI02
####LIST OF USER GROUPS####
# Full-access group: shell service at priv-lvl 15.
# "default service = permit" allows services that are not listed, and
# "default cmd = permit" authorises commands that have no explicit rule.
group = datacomm_full {
#### LDAP Groups List #### DistinguishedName ###
### CN=Users,CN=Builtin,DC=telkomcel,DC=tl ###
enable = clear telkomcel
default service = permit
###Service full START###
service = shell {
set priv-lvl = 15
default attribute = permit
default cmd = permit
} #END OF Cisco Router/Switch Service
###Service full END###
} #END OF datacomm_full
# NOTE(review): the two "server = deny" lines name SW-CORE2 and SRDLI02,
# presumably to keep this group off those devices. Confirm the semantics of
# "server = deny" in the tac_plus documentation.
group = servicesolution_full {
#### LDAP Groups List #### DistinguishedName ###
### CN=Users,CN=Builtin,DC=telkomcel,DC=tl ###
enable = clear telkomcel
server = deny SW-CORE2
server = deny SRDLI02
default service = permit
###Service full START###
service = shell {
set priv-lvl = 15
default attribute = permit
default cmd = permit
} #END OF Cisco Router/Switch Service
###Service full END###
} #END OF servicesolution_full
# NOTE(review): labelled read_only, but the only restriction visible here
# is priv-lvl 3; "default cmd = permit" still authorises every command sent
# for authorization. Confirm the devices enforce the privilege level, or
# add explicit cmd rules.
group = servicesolution_read {
#### LDAP Groups List #### DistinguishedName ###
### CN=Users,CN=Builtin,DC=telkomcel,DC=tl ###
enable = clear telkomcel
server = deny SW-CORE2
server = deny SRDLI02
default service = permit
###Service read_only START###
service = shell {
set priv-lvl = 3
default attribute = permit
default cmd = permit
} #END OF Cisco Router/Switch Service
###Service read_only END###
} #END OF servicesolution_read
# Same read_only pattern as servicesolution_read, without the server lines.
group = datacomm_read {
#### LDAP Groups List #### DistinguishedName ###
### CN=Users,CN=Builtin,DC=telkomcel,DC=tl ###
enable = clear telkomcel
default service = permit
###Service read_only START###
service = shell {
set priv-lvl = 3
default attribute = permit
default cmd = permit
} #END OF Cisco Router/Switch Service
###Service read_only END###
} #END OF datacomm_read
####LIST OF USERS####
# Users authenticate through MAVIS; pap and enable reuse the login password.
# NOTE(review): this user is a member of datacomm_read, yet defines its own
# shell service with priv-lvl 15. Confirm that the user-level service is
# meant to apply instead of the group's priv-lvl 3.
user = 91007 {
login = mavis # LDAP
member = datacomm_read
pap = login # Clone login
enable = login # Clone login
default service = permit
###Service full START###
service = shell {
set priv-lvl = 15
default attribute = permit
default cmd = permit
} #END OF Cisco Router/Switch Service
###Service full END###
} #END OF 91007
user = 88014 {
login = mavis # LDAP
member = datacomm_read
pap = login # Clone login
enable = login # Clone login
default service = permit
###Service read_only START###
service = shell {
set priv-lvl = 3
default attribute = permit
default cmd = permit
} #END OF Cisco Router/Switch Service
###Service read_only END###
} #END OF 88014
# The remaining users define no service of their own; services come from
# the group named in "member".
user = 82001 {
login = mavis # LDAP
member = servicesolution_full
pap = login # Clone login
enable = login # Clone login
default service = permit
### GET SERVICES FROM GROUP
} #END OF 82001
user = 94003 {
login = mavis # LDAP
member = servicesolution_full
pap = login # Clone login
enable = login # Clone login
default service = permit
### GET SERVICES FROM GROUP
} #END OF 94003
user = 89014 {
login = mavis # LDAP
member = datacomm_full
pap = login # Clone login
enable = login # Clone login
default service = permit
### GET SERVICES FROM GROUP
} #END OF 89014
user = 18001 {
login = mavis # LDAP
member = servicesolution_read
pap = login # Clone login
enable = login # Clone login
default service = permit
### GET SERVICES FROM GROUP
} #END OF 18001
}##END GLOBAL CONFIGURATION
请问如何在不重新安装 tacacs 服务器的情况下解决这个问题?
解决方案
我之前也遇到过同样的问题,原因是名称中包含特殊字符。我把名称中的特殊字符替换掉之后,问题就解决了。