TACACS+配置:如何接收priv-lvl值？

Question

我需要配置TACACS+服务器，以了解给定用户是否经过身份验证*以及他的priv-lvl是什么。作为一个客户端，我正在使用tactest (tacacs.net)和TACACS+客户端Java (AXL)。

我试过用这个：

user = admin {
    name = “Admin User”
    login = cleartext admin
    service = exec {
      priv-lvl = 10
  }
}

并且可以作为管理员进行身份验证，但无法获得他的特权-lvl。

以下是tactest的输出：

C:\Program Files (x86)\TACACS.net>tactest -s x.x.x.x -k testing123 -u admin -p admin -author -service exec
Trying to open connection to x.x.x.x:49

Sending:
 MajorVersion=12
MinorVersion=0
Type=Authorization
SeqNum=1
IsEncrypted=True
IsSingleConnect=True
SessionID=494431516
DataLength=37
 Authorization Method=Debug
Priv lvl=1
Auth Type=Ascii
Service=None
User=admin
Port=
Rem Addr=
Args: service=exec


Received Header:
 MajorVersion=12
MinorVersion=0
Type=Authorization
SeqNum=2
IsEncrypted=True
IsSingleConnect=False
SessionID=494431516
DataLength=6

Received Body:
 Authorization Status=PassAdd
User=
Port=
Args:

Command Pass status = True, Message=,

------------------

SUMMARY STATISTICS

------------------

Total Commands  .....................  1
Successes  ..........................  1
Failures  ...........................  0
No Results  .........................  0
Time Taken for commands  ............  0,066 secs
Avg Possible Transactions/Second  ...  15
Network Time per command  ...........  0,017 secs
Total Network time  .................  0,017 secs
Sent Transactions/Second  ...........  11,1

有什么方法可以得到这个属性值吗？

*我知道这不仅是身份验证，也是一种授权

Answer 1

我终于找到了解决办法。我只需将服务名称更改为任何其他名称：

user = admin {
    name = “Admin User”
    login = cleartext admin
    service = myservice {
      priv-lvl = 10
  }
}

然后我可以在客户端获得AV对：

Received Header:
MajorVersion=12
MinorVersion=0
Type=Authorization
SeqNum=2
IsEncrypted=True
IsSingleConnect=False
SessionID=952769599
DataLength=18

Received Body:
 Authorization Status=PassAdd
User=
Port=
Args: priv-lvl=10