Changes

720 bytes added, 13:40, 20 October 2022
no edit summary
Line 19: Line 19:     
*In console:
 
*In console:
[[File:Networking rutx manual tacacs docker container in console v1.png.png|alt=|border|class=tlt-border]]
+
[[File:Networking rutx manual tacacs docker container in console v1.png.png|border|class=tlt-border|link=Special:FilePath/Networking_rutx_manual_tacacs_docker_container_in_console_v1.png.png]]
    
*In Docker Desktop:
 
*In Docker Desktop:
[[File:Networking rutx manual tacacs docker container v1.png.png|alt=|border|class=tlt-border|900px]]
+
[[File:Networking rutx manual tacacs docker container v1.png.png|border|class=tlt-border|900px|link=Special:FilePath/Networking_rutx_manual_tacacs_docker_container_v1.png.png]]
    
*After successfully creating a container, copy the '''CONTAINER ID''' from the Docker Desktop application or console terminal.
 
*After successfully creating a container, copy the '''CONTAINER ID''' from the Docker Desktop application or console terminal.
[[File:Networking rutx manual tacacs docker container copy v1.png.png|alt=|border|class=tlt-border]]
+
[[File:Networking rutx manual tacacs docker container copy v1.png.png|border|class=tlt-border|link=Special:FilePath/Networking_rutx_manual_tacacs_docker_container_copy_v1.png.png]]
    
==Configuring the Docker container==
 
==Configuring the Docker container==
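Review bot: The three rewritten image links in this hunk (the console, Docker Desktop and CONTAINER ID copy screenshots) drop the empty alt= parameter without putting a description in its place, so the step that tells the reader to copy the CONTAINER ID still depends entirely on the screenshots. Suggest giving each image a short alt text that says what it shows. The file names also end in a doubled .png.png, which each new link=Special:FilePath/... target now repeats; renaming the files before adding more references to them would be cleaner.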
Line 33: Line 33:     
The result should look similar to this:
 
The result should look similar to this:
[[File:Networking rutx manual tacacs docker container loggedin v1.png|alt=|border|class=tlt-border]]
+
[[File:Networking rutx manual tacacs docker container loggedin v1.png|border|class=tlt-border|link=Special:FilePath/Networking_rutx_manual_tacacs_docker_container_loggedin_v1.png]]
      Line 44: Line 44:  
Edit the original '''user = admin''' to '''user = root''' and change the password, the password will override the original router password for the configured root user. Please '''do not''' delete the word "'''clear'''" (underlined in green in the example below) in front of the password. You can also edit the secret key in the '''host = world''' section, this variable is called a key, and by default, it’s set to '''tac_plus_key'''. After you finish the editing to save the configuration file click CTRL+X, then choose YES (Y button on the keyboard) and ENTER.
 
Edit the original '''user = admin''' to '''user = root''' and change the password, the password will override the original router password for the configured root user. Please '''do not''' delete the word "'''clear'''" (underlined in green in the example below) in front of the password. You can also edit the secret key in the '''host = world''' section, this variable is called a key, and by default, it’s set to '''tac_plus_key'''. After you finish the editing to save the configuration file click CTRL+X, then choose YES (Y button on the keyboard) and ENTER.
   −
[[File:Networking rutx manual tacacs docker container configuration v2.png|alt=|border|class=tlt-border]] [[File:Networking_rutx_manual_tacacs_docker_container_configuration_v3.png|alt=|border|class=tlt-border]]
+
[[File:Networking rutx manual tacacs docker container configuration v2.png|border|class=tlt-border|link=Special:FilePath/Networking_rutx_manual_tacacs_docker_container_configuration_v2.png]] [[File:Networking_rutx_manual_tacacs_docker_container_configuration_v3.png|border|class=tlt-border|link=Special:FilePath/Networking_rutx_manual_tacacs_docker_container_configuration_v3.png]]
      −
* Make sure that '''port number 49''' (TACACS) is accessible. Depending on your operating system make the required adjustments to the firewall. Restart the Docker container to start it with the new configuration settings.  [[File:Networking rutx manual tacacs docker container restart v1.png|alt=|border|class=tlt-border|900px]]
+
* Make sure that '''port number 49''' (TACACS) is accessible. Depending on your operating system make the required adjustments to the firewall. Restart the Docker container to start it with the new configuration settings.  [[File:Networking rutx manual tacacs docker container restart v1.png|border|class=tlt-border|900px|link=Special:FilePath/Networking_rutx_manual_tacacs_docker_container_restart_v1.png]]
    
==Router configuration==
 
==Router configuration==
    
* Install the PAM package from the package manager or you can find it and download it at the following link: https://wiki.teltonika-networks.com/view/RUTX11_Package_Downloads
 
* Install the PAM package from the package manager or you can find it and download it at the following link: https://wiki.teltonika-networks.com/view/RUTX11_Package_Downloads
* Navigate to WebUI -> Administration -> Access control -> General
+
* Navigate to WebUI Administration Access control General
 
* Switch '''Enable PAM support''' to '''ON''' in the '''SSH''' section, click save and apply.
 
* Switch '''Enable PAM support''' to '''ON''' in the '''SSH''' section, click save and apply.
 
* Switch from General to the PAM tab.
 
* Switch from General to the PAM tab.
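Review bot: In the unchanged paragraph above the configuration screenshots, changing the shared key is presented as optional ("You can also edit the secret key") while the default tac_plus_key is printed on the page. Since the router will authenticate SSH logins against this server, the text should tell the reader to replace the default key, and explain what the "clear" keyword in front of the password means for how the password is stored. Separately, the new Navigate line reads "WebUI Administration Access control General" with no separators where the old line had "->"; restore a separator so the menu path is readable.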
Line 58: Line 58:  
* Change the settings:
 
* Change the settings:
   −
[[File:Networking rutx manual tacacs pam settings in router v1.png|alt=|border|class=tlt-border]]
+
[[File:Networking rutx manual tacacs pam settings in router v1.png|border|class=tlt-border|link=Special:FilePath/Networking_rutx_manual_tacacs_pam_settings_in_router_v1.png]]
    
==Testing the configuration==
 
==Testing the configuration==
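Review bot: "Change the settings:" is followed only by a screenshot, so the PAM values the reader has to enter exist nowhere on the page as text. Suggest listing the fields and their values under the bullet and, if the shared key is one of them, noting that it has to match the key set in the host = world section of the container configuration.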
Line 67: Line 67:  
* If you check the logs (logread command), you should see something like this:
 
* If you check the logs (logread command), you should see something like this:
   −
[[File:Networking rutx manual tacacs docker logs v1.png.png|alt=|border|class=tlt-border]]
+
[[File:Networking rutx manual tacacs docker logs v1.png.png|border|class=tlt-border|link=Special:FilePath/Networking_rutx_manual_tacacs_docker_logs_v1.png.png]]
    
* Keep in mind that you '''wouldn't be able to access the router''' via SSH using the '''default router password''' unless you turn off the PAM authentication in the router's WEBUI.
 
* Keep in mind that you '''wouldn't be able to access the router''' via SSH using the '''default router password''' unless you turn off the PAM authentication in the router's WEBUI.
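Review bot: The lockout warning in the last bullet sits under "Testing the configuration", after the reader has already been told to switch "Enable PAM support" to ON for SSH. Suggest moving it (or repeating it) next to that step in the Router configuration section, and rewording "wouldn't be able to" as "will not be able to". The logread output above it is also shown only as a screenshot; a short text excerpt would let readers search for the expected lines.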