We start by installing TACACS+ on Kali Linux. Then we configure the authentication.

Using Linux as a server is generally more stable than Windows machines. But if you want at all costs test TACACS+ on a Windows machine, then this tutorial may help you.

TACACS+ Installation

You must have Linux Kali connected to internet to donwload the package.

apt-get install tacacs+


service tacacs+ start
netstat -ltp | grep tac


another way to verify it:

lsof -i:49


to modify the TACACS+ configuration file:

nano /etc/tacacs+/tac_plus.conf

after each modification you must restart the TACACS+ service:

service tacacs+ restart

TACACS+ Configuration

start with modifying the configuration file with:

nano /etc/tacacs+/tac_plus.conf

Define the shared secret used to communicate between the AAA client and the TACACS+ server:

authentication-authorization-accounting-kali-linux-2017-07-01 17_00_45

Rtr-1(config)#tacacs-server host key Blabla

Rtr-1(config)#aaa authentication login default group tacacs+ local

Define a group

authentication-authorization-accounting-kali-linux-2017-07-01 17_02_41

Define a user as part of the group.

authentication-authorization-accounting-kali-linux-2017-07-01 17_03_29

Rtr-1#deb tacacs authentication
 TACACS+ authentication debugging is on

authentication-authorization-accounting-kali-linux-2017-07-01 17_52_44

authentication-authorization-accounting-kali-linux-2017-07-01 17_52_59

authentication-authorization-accounting-kali-linux-2017-07-01 17_53_11

Configuring authorization with the tacacs+ Debian deamon is a pain in the ass. I will step away from it and play with either ACS or ISE.

Categories: CCNA Security

Keyboard Banger

Keyboard Banger is a network engineer from Africa. He has been working in network support and administration since 2008. He started writing study notes about certification exams and technology topics a couple of years ago. When he's not writing articles, he can be found wandering on technical forums.


Leave a Reply

Your email address will not be published. Required fields are marked *