Centos 7 Automatic Service Start / TACACS+

I've configured TACACS+ running on CentOS 7 and the TACACS+ configuration is working perfectly. However, I cannot get TACACS+ to run automatically upon startup.

I have configured the automatic service start using

chkconfig tac_plus --add

and everything looks good in

chkconfig tac_plus --list

When I check the service status using

service tac_plus status

everything is loaded & running; however, when I try to SSH to the switch I get huge delays and TACACS isn't available, only local authentication.

The only way I can get it to work is to do the following manual steps:-

1.) Upon server restart, stop the tac_plus service using
service tac_plus stop

2.) Manually run the command
sudo tac_plus -C /etc/tac_plus.conf

3.) TACACS starts to work as expected

I have an extremely basic understanding of Linux, any help would be appreciated.
EnsingerLTD Asked:

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Sigh... arnold is correct. The systemd madness has crept into every major Distro, except Alpine.

Fix approaches.

1) Easy - Just to get things running immediately + to work across reboots, add an entry to run tac_plus -C /etc/tac_plus.conf from your /etc/rc.local file... if that even works. On most systemd based systems, you'll have to enable the plumbing for /etc/rc.local to run at reboot time.

2) Permanent - Create a systemd service wrapper to start/stop tac_plus as a real systemd process.

Avoid using /etc/init.d based scripts. They may work after a fashion with CentOS 7 + likely be completely deprecated at some point in the future.

arnold Commented:
centos7 uses systemctl versus the prior chkconfig

https://www.unix.com/man-page/centos/1/systemctl/

systemctl -a  

Not sure what your issue is. Does the check for auth from the switch (debug test) pass or fail?
The issue could be that you did not configure firewalld or iptables to allow inbound connections, or the ports you chose are not the same as the ones to which the switch is sending the requests....


It is hard from the information you provided to determine what might be going on or what might be causing your issues.

Joy Dingenen (ICT system consultant) Commented:
Hai,

systemd is the best :) you learn to love it.
Everything has tab-completion so it's very easy to use. Starting something on boot is done with
systemctl enable service_name

Let's say you want to run that manual command in a systemd service that starts after the network card is on.
Example:
vi /etc/systemd/system/start_tacacs.service

[Unit]
Description=start_tacacs Service
After=network.target

[Service]
Type=forking
ExecStart=/path/to/tac_plus -f /path/to/tacacs.cfg


[Install]
WantedBy=multi-user.target

systemctl enable start_tacacs
systemctl start start_tacacs

Have fun with centos 7 :D

Joy Dingenen (ICT system consultant) Commented:
A small Google search later I find:
TACACS server as systemd service, external logging

EnsingerLTD (Author) Commented:
I ended up completely binning off the CentOS installation as none of the solutions worked for me, however this comment ended up leading me down the right path so to speak. Whenever I tried to start TACACS+ using systemctl I kept receiving a message stating that TACACS+ is native to CHKCONFIG and would always revert me to setting up the CHKCONFIG process.

Ended up deploying Ubuntu Server, installed & configured TACACS+ without any issue whatsoever, as well as getting it to start automatically. This was satisfactory considering my basic Linux skills and requirement for simple TACACS+ deployment.
Question has a verified solution.
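
Added example, not part of the thread: the symptom in the question (the service reports running, yet the switch falls back to local authentication) and the firewall/port point arnold raises can be checked after a reboot with the script below. It assumes TCP port 49, the TACACS+ default, and the config path from the question; the function names and sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): post-reboot checks for tac_plus.
# Assumptions: TCP port 49 (TACACS+ default); config path from the question.
TAC_PORT=49
TAC_CONF=/etc/tac_plus.conf

# Succeeds if `ss -ltn` output on stdin shows a LISTEN socket on port $1.
has_listener() {
    awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) ok = 1 }
                   END { exit ok ? 0 : 1 }'
}

# Succeeds if `ps -o args= -C tac_plus` output on stdin shows "-C $1".
uses_config() {
    awk -v c="$1" '{ for (i = 1; i < NF; i++) if ($i == "-C" && $(i + 1) == c) ok = 1 }
                   END { exit ok ? 0 : 1 }'
}

# Succeeds if `firewall-cmd --list-ports` output on stdin contains $1/tcp.
# (A rule added as a named service does not appear in --list-ports.)
port_open() {
    tr ' ' '\n' | grep -qx "$1/tcp"
}

# Constructed sample output: sshd is listening, tac_plus is not.
SAMPLE_SS_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      128    :::22              :::*'
# Constructed sample output after tac_plus has been started by hand.
SAMPLE_SS_GOOD="$SAMPLE_SS_BAD
LISTEN 0      128    *:49               *:*"

# Run the three checks against the live host; returns non-zero on any failure.
check_tacacs() {
    local rc=0
    ss -ltn | has_listener "$TAC_PORT" ||
        { echo "FAIL: nothing listening on tcp/$TAC_PORT"; rc=1; }
    ps -o args= -C tac_plus | uses_config "$TAC_CONF" ||
        { echo "FAIL: no tac_plus process using $TAC_CONF"; rc=1; }
    firewall-cmd --list-ports | port_open "$TAC_PORT" ||
        { echo "FAIL: firewalld does not list $TAC_PORT/tcp"; rc=1; }
    return "$rc"
}

# Only touch the live system when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then check_tacacs; fi
```

Running it with --live right after a reboot, and again after the manual stop/start from the question, shows which of the three conditions differs between the two states.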
