The following examples use these addresses:
Munin server: 192.184.94.230 (ramnode.advanxer.com)
Munin node 1: 192.210.208.175 (bluevm.advanxer.com)
Munin node 2: 54.254.177.162 (ec2.advanxer.com)

Server side configuration
/etc/munin/munin.conf
htmldir /usr/share/nginx/www/munin
# a simple host tree
[ramnode.advanxer.com]
address 127.0.0.1
use_node_name yes

[bluevm.advanxer.com]
address 192.210.208.175
use_node_name yes

[ec2.advanxer.com]
address 54.254.177.162
use_node_name yes
# port 4950

Munin node configuration
/etc/munin/munin-node.conf
host_name vps.advanxer.com
allow ^192\.184\.94\.230$

Force node update: su - munin /usr/share/munin/munin-update
Look for update activity at /var/log/munin/munin-update.log

Reference:
http://www.mbse.eu/linux/homeserver/mgmt-maint/munin/
http://munin-monitoring.org/wiki/munin.conf
http://docs.mongodb.org/ecosystem/tools/munin/

Lab environment/requirement
Ubuntu/Debian server
Tacacs+ software from Shruberry
Cisco Catalyst switches
User id: advanxer
Password: helloword
Enable password: ciscoenable

Download and install tacacs+
wget ftp://ftp.shrubbery.net/pub/tac_plus/tacacs+-F4.0.4.27a.tar.gz

Extract it
tar -zxvf tacacs+-F4.0.4.27a.tar.gz

Go into extracted folder
cd tacacs+-F4.0.4.27a

Install dependencies (if needed)
apt-get install build-essential flex bison libwrap0-dev

Install tacacs+
./configure
make install

Check tacacs+ is installed
ls /usr/local/bin/
You should see 2 files:
tac_plus – tacacs+ executable file
tac_pwd – generate DES or MD5 encryption of a password

Create user id and encrypted password, for example username is advanxer password is helloworld
[email protected]:~# tac_pwd
Password to be encrypted: helloworld
6Zvw8uD3yX4eI

Create encrypted password for enable password:
[email protected]:~# tac_pwd
Password to be encrypted: ciscoenable
2mq3JtC3knwQw

Now we have this user info:
username advanxer
cleartext password helloword encrypted password 6Zvw8uD3yX4eI
cleartext enable password ciscoenable encrypted password 2mq3JtC3knwQw

Tacacs+ configuration
Create tacacs folder in /etc & create the tac_plus.conf file
mkdir /etc/tacacs
cd /etc/tacacs
nano tac_plus.conf

#setting the tacacs/NAS key"
key = "sup36s3c63t"

# Where is the accounting records to go
accounting file = /var/log/tacacs.log

#Enable password setup for all users:
user = $enable$ {
login = des 2mq3JtC3knwQw
}

#user accounts–here user details are defined
#[email protected]
user = advanxer {
default service = permit
member = networkadmingroup
login = des 6Zvw8uD3yX4eI
}

#user account for read only access
user = helpdesk{
default service = deny
member = readonly
login = des 6Zvw8uD3yX4eI
}

#group details
# admin group
group = networkadmingroup {
default service = permit
service = exec {
priv-lvl = 15
}
}

# read only group
group =readonly {
default service = deny
service = exec {
priv-lvl = 0
}
cmd=show {
permit .*
}
cmd=enable {
permit .*
}
cmd=exit {
permit .*
}
}

To support Cisco Nexus OS, add following lines to your user groups so it will become like this:
# admin group
group = networkadmingroup {
default service = permit
service = exec {
priv-lvl = 15
shell:roles=”network-admin”
}
References:
http://freelinuxtutorials.com/tutorials/installation-setup-of-free-tacacs-server-in-linux/
http://wiki.gentoo.org/wiki/TACACS_Server_using_tac_plus#Installation
http://www.debianhelp.co.uk/tacas.htm
http://routing-bits.com/2011/05/24/nexus-user-roles/

Incoming search terms:

  • tac_pwd tac_plus conf