<div dir="ltr">I use something similar to this with centos 7, a custom systemd tacacs service<div><br></div><div># cat /etc/systemd/system/tacacs.service<br></div><div><div>[Unit]</div><div>Description=TACACS+ daemon instance tacacs</div><div>Documentation=man:tac_plus(8) man:tac_plus.conf(5)</div><div>After=network.target</div><div><br></div><div>[Service]</div><div>Type=simple</div><div>ExecStartPre=/usr/local/sbin/tac_plus -P -C /etc/tacacs/tacacs.conf</div><div>ExecStart=/usr/local/sbin/tac_plus_mss -G -C /etc/tacacs.conf -l /var/log/tacacs.daemon.log -p 49 -d 8 -d 16</div><div>ExecReload=/bin/sh -c "/usr/local/sbin/tac_plus -P -C /etc/tacacs.conf >/dev/null 2>&1" && /bin/kill -HUP $MAINPID"</div><div>Restart=always</div><div><br></div><div>[Install]</div><div>WantedBy=multi-user.target</div></div><div><br></div><div>It should work perfectly with systemd. The only odd thing is tac_plus uses wrong syslog priority level for some of the status</div><div>messages and they show red even for success. I already have an email about this and have not see any response to that.</div><div><br></div><div>However, actually systemd fuctionality should be fine and I have it tested and running in production</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 12, 2018 at 11:02 AM, Rick Coloccia <span dir="ltr"><<a href="mailto:coloccia@geneseo.edu" target="_blank">coloccia@geneseo.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I've been using tac_plus for years, never any issues. Thanks for it!<br>
<br>
Last week we replaced an older centos box with a cenos7 box. I installed tac_plus using an rpm from <a href="http://pbone.net" rel="noreferrer" target="_blank">pbone.net</a>.<br>
<br>
I could not get it to work to save my life. I messed around with the tacplus config, the pam config, no luck at all. I was at witt's end.<br>
<br>
I started the process manually with a bunch of -d from the cli and it lit right up. Then I killed it, started it without all the -d from the cli and it still worked.<br>
<br>
So now I'm confused. When I allow the binary to start using the scripts it won't function, when I start it from cli it works fine.<br>
<br>
when I run:<br>
<br>
[root@localhost log]# ps auxw | grep tac_<br>
root 16163 0.0 0.0 26000 528 ? S 10:30 0:00 /usr/bin/tac_plus -C /etc/tac_plus.conf<br>
<br>
and when I run:<br>
<br>
[root@localhost log]# netstat -anp | grep tac_<br>
tcp 0 0 <a href="http://0.0.0.0:49" rel="noreferrer" target="_blank">0.0.0.0:49</a> 0.0.0.0:* LISTEN 16163/tac_plus<br>
unix 2 [ ] DGRAM 6079166 16163/tac_plus<br>
<br>
<br>
The output is the same regardless of whether I started via cli or scripts.<br>
<br>
<br>
I just don't know where to go from here. Looking for suggestions.<br>
<br>
Thanks!<br>
<br>
-Rick<br>
<br>
<br>
-- <br>
Rick Coloccia, Jr.<br>
Network Manager<br>
State University of NY College at Geneseo<br>
<a href="https://maps.google.com/?q=1+College+Circle&entry=gmail&source=g">1 College Circle</a>, 119 South Hall<br>
Geneseo, NY 14454<br>
V: <a href="tel:585-245-5577" value="+15852455577" target="_blank">585-245-5577</a><br>
F: <a href="tel:585-245-5579" value="+15852455579" target="_blank">585-245-5579</a><br>
<br>
______________________________<wbr>_________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net" target="_blank">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo/tac_plus" rel="noreferrer" target="_blank">http://www.shrubbery.net/mailm<wbr>an/listinfo/tac_plus</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a><br>A: Because it messes up the order in which people normally read text.<br>Q: Why is top-posting such a bad thing?<br><br></div>
</div>