{"id":217669,"date":"2014-03-31T10:59:04","date_gmt":"2014-03-31T06:59:04","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=217669"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=217669","title":{"rendered":"TACACS+ \u043d\u0430 Linux \u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 Active Directory<\/span>"},"content":{"rendered":"
\t\t\t\u0412 \u0441\u0435\u0442\u0438 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0433\u0430\u0439\u0434\u043e\u0432 \u043d\u0430 \u044d\u0442\u0443 \u0442\u0435\u043c\u0443, \u043d\u043e \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441 \u043d\u0430 Linux \u0438 \u0441\u0432\u044f\u0437\u0430\u0442\u044c \u0435\u0433\u043e \u0441 Active Directory \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0438 30-60 \u043c\u0438\u043d\u0443\u0442 \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c. \u041f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e \u0441\u0432\u043e\u0439 \u043f\u0443\u0442\u044c \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447\u0438, \u0441 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u043c\u0438 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u044f\u043c\u0438.<\/p>\n

\u041f\u0440\u0438\u0441\u0442\u0443\u043f\u0438\u043c \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u0430. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u041e\u0421\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f CentOS.
<\/a>
\u0423\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b<\/b> <\/p>\n

# yum install gcc # yum install perl-LDAP # yum install bind-utils <\/code><\/pre>\n
  \u0412\u0441\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u043c \u043f\u043e\u0434 \u00abroot\u00bb 
  (\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0434\u043e\u043c\u0430\u0448\u043d\u044f\u044f \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u044f \/root)<\/p>\n
  \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 Tac Plus<\/b>  <\/p>\n
# yum install wget # wget http:\/\/www.pro-bono-publico.de\/projects\/src\/DEVEL.tar.bz2 # tar xvfj .\/DEVEL.tar.bz2 # cd .\/PROJECTS # .\/configure # make # make install <\/code><\/pre>\n
  \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0434\u043b\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0438\u043d\u0433\u0430<\/b>  <\/p>\n
# mkdir \/var\/log\/tac_plus # mkdir \/var\/log\/tac_plus\/access # mkdir \/var\/log\/tac_plus\/acct # chmod 760 -R \/var\/log\/tac_plus\/ <\/code><\/pre>\n
  \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c Tac Plus \u0432 \u0430\u0432\u0442\u043e\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443<\/b>  <\/p>\n
# cp \/root\/PROJECTS\/tac_plus\/extra\/etc_init.d_tac_plus \/etc\/init.d\/tac_plus # chmod 755 \/etc\/init.d\/tac_plus # chkconfig --add tac_plus # chkconfig --level 2345 tac_plus on <\/code><\/pre>\n
  \u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0432 \u0430\u0432\u0442\u043e\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443<\/b>  <\/p>\n
# chkconfig --list | grep tac_plus <\/code><\/pre>\n
  \u041f\u0440\u0430\u0432\u0438\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b<\/b>  <\/p>\n
# cp \/root\/PROJECTS\/tac_plus\/extra\/tac_plus.cfg-ads \/usr\/local\/etc\/tac_plus.cfg # chmod 660 \/usr\/local\/etc\/tac_plus.cfg <\/code><\/pre>\n
  !!! \u041f\u043e\u0441\u043b\u0435 \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0430 \u0441\u0435\u0440\u0432\u0438\u0441 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0449\u0435\u043d (service tac_plus restart)<\/b><\/u>
  \u041f\u0440\u0438\u043c\u0435\u0440 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 (\u043d\u0443\u0436\u043d\u043e \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 tac_plus.cfg, \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u043d\u0435\u0441\u044f \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u0438\u0432\u044b \u0432 \u043f\u0440\u043e\u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044f)<\/p>\n
#!\/usr\/local\/sbin\/tac_plus id = spawnd {         listen = { port = 49 } #\u043f\u043e\u0440\u0442, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c TACACS         spawn = {                 instances min = 1                 instances max = 10         }         background = yes }  id = tac_plus { \t\t# \u043b\u043e\u0433 \u0444\u0430\u0439\u043b\u044b         access log = ">\/var\/log\/tac_plus\/access\/%Y%m%d.log"         accounting log = ">\/var\/log\/tac_plus\/acct\/%Y%m%d.log" \t\t \t\t# \u0431\u043b\u043e\u043a \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a Active Directory         mavis module = external {                 setenv LDAP_SERVER_TYPE = "microsoft"                 setenv LDAP_HOSTS = "ldaps:\/\/domain.name:636" # \u0438\u043c\u044f \u0434\u043e\u043c\u0435\u043d\u0430 \u0434\u043e\u043b\u0436\u043d\u043e \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0442\u044c\u0441\u044f DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c (\u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e nslookup). \u0412\u043c\u0435\u0441\u0442\u043e \u0438\u043c\u0435\u043d\u0438 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c IP \u0430\u0434\u0440\u0435\u0441                 setenv LDAP_SCOPE = sub                 setenv LDAP_BASE = "dc=domain,dc=name" # \u0433\u0434\u0435 \u0438\u0441\u043a\u0430\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439                 setenv LDAP_FILTER = "(&(objectclass=user)(sAMAccountName=%s))"                 setenv LDAP_USER = "aduser@domain.name" # \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0439 \u044e\u0437\u0435\u0440 \u0434\u043b\u044f \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 \u0441 AD                 setenv LDAP_PASSWD = "passw0rd" # \u043f\u0430\u0440\u043e\u043b\u044c \u044e\u0437\u0435\u0440\u0430                 #setenv AD_GROUP_PREFIX = tacacs                 #setenv REQUIRE_TACACS_GROUP_PREFIX = 1                 #setenv USE_TLS = 0                 setenv FLAG_USE_MEMBEROF = 1                 exec = \/usr\/local\/lib\/mavis\/mavis_tacplus_ldap.pl         }          login backend = mavis         user backend = mavis         #pap backend = mavis          host = world {                 address = ::\/0                 welcome banner = ""                 #Crypt password generate by "openssl passwd -1 clear_text_password"                 enable 15 = crypt $1$eqIkg6p0$jzhK5.                 key = "TACACSPASSWORD" #\u043f\u0430\u0440\u043e\u043b\u044c \u0434\u043b\u044f \u0441\u0432\u044f\u0437\u043a\u0438 \u0441 TACACS-\u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c         } \t\t# \u0433\u0440\u0443\u043f\u043f\u0443 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430\u0434\u0435\u043b\u044f\u0435\u043c \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0441\u0443\u043f\u0435\u0440\u0430\u0434\u043c\u0438\u043d\u0430         group = ADMIN {             message = "[Admin privileges]"             default service = permit             service = shell {                 default command = permit                 default attribute = permit                 set priv-lvl = 15             }         } \t\t# \u0433\u0440\u0443\u043f\u043f\u0435 \u0433\u043e\u043b\u043e\u0441\u043e\u0432\u044b\u0445 \u0430\u0434\u043c\u0438\u043d\u043e\u0432 \u0434\u0430\u0435\u043c \u043f\u043e\u043b\u043d\u044b\u0439 \u043d\u0430\u0431\u043e\u0440 \u043f\u0440\u0438\u0432\u0435\u043b\u0435\u0433\u0438\u0439 \u0438 \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u0435\u043c \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b         group = VOIP {             message = "[VoIP-admin privileges]"             default service = permit             service = shell {                 default command = permit                 default attribute = permit                 set priv-lvl = 15                 cmd = interface {                     permit "Lo*"                     permit "Se*"                     deny .*                 }                 cmd = aaa { deny .* }                 cmd = username { deny .* }                 cmd = line { deny .* }                 cmd = delete { deny .* }                 #cmd = reload { deny .* }                 cmd = boot { deny .* }                 cmd = enable { deny .* }                 cmd = archive { deny .* }                 cmd = router { deny .* }                 cmd = ip {                     permit "address *"                     deny .*                 }                 cmd = tacacs-server { deny .* }                 cmd = radius-server { deny .* }                 cmd = privilege { deny .* }                 cmd = erase { deny .* }                 cmd = write {                     permit "memory"                     deny .*                 }                 cmd = format { deny .* }             }         } }<\/code><\/pre>\n
  \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0430 (\u0435\u0441\u043b\u0438 \u0432\u0441\u0435 \u041e\u041a, \u0442\u043e \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u0432\u044b\u0432\u0435\u0434\u0435\u0442)<\/b>  <\/p>\n
# \/usr\/local\/sbin\/tac_plus -P \/usr\/local\/etc\/tac_plus.cfg <\/code><\/pre>\n
  \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0433\u0440\u0443\u043f\u043f\u044b \u0432 AD<\/b>
  \u0412 Active Directory \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c 2 \u0433\u0440\u0443\u043f\u043f\u044b (\u0438\u0441\u0445\u043e\u0434\u044f \u0438\u0437 \u043d\u0430\u0448\u0435\u0433\u043e \u043a\u043e\u043d\u0444\u0438\u0433\u0430): tacacsadmin \u0438 tacacsvoip.
  Tac Plus \u043e\u0442\u0440\u0435\u0437\u0430\u0435\u0442 \u043f\u0440\u0435\u0444\u0438\u043a\u0441 \u00abtacacs\u00bb \u043f\u0440\u0438 \u0441\u043e\u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0433\u0440\u0443\u043f\u043f\u044b, \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u0439 \u0432 AD, \u0433\u0440\u0443\u043f\u043f\u0435 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0435 \u0438 \u043f\u0435\u0440\u0435\u0432\u043e\u0434\u0438\u0442 \u043e\u0441\u0442\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u0441\u0438\u043c\u0432\u043e\u043b\u044b \u0432 \u0432\u0435\u0440\u0445\u043d\u0438\u0439 \u0440\u0435\u0433\u0438\u0441\u0442\u0440.
  \u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c tacacsadmin \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0432\u0441\u0442\u0432\u0443\u0435\u0442 ADMIN, \u0430 tacacsvoip \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u0435\u0442 VOIP (\u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0438\u0433\u0440\u0430\u0432\u0448\u0438\u0441\u044c \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0430\u043c\u0438: AD_GROUP_PREFIX \u0438 REQUIRE_TACACS_GROUP_PREFIX \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0435).
  \u0413\u0440\u0443\u043f\u043f\u044b \u0443\u043a\u0430\u0437\u0430\u043d\u044b \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043c\u0438 \u0431\u0443\u043a\u0432\u0430\u043c\u0438 \u043d\u0435 \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e!
  \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0433\u0440\u0443\u043f\u043f\u044b.<\/p>\n
  \u0417\u0430\u043f\u0443\u0441\u043a \u0438 \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u0441\u0435\u0440\u0432\u0438\u0441\u0430 TACACS<\/b>  <\/p>\n
# service tac_plus start # service tac_plus stop # service tac_plus restart <\/code><\/pre>\n
  \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u0430 AAA \u043d\u0430 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0438 Cisco<\/b>  <\/p>\n
tacacs server TACSRV1 \t!IP-\u0430\u0434\u0440\u0435\u0441 tacacs-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \taddress ipv4 172.16.2.2 \t!\u043a\u043b\u044e\u0447 \u0434\u043e\u043b\u0436\u0435\u043d \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u0442\u044c \u0441 \u0442\u0435\u043c, \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u0430\u043d \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0435 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \tkey TACACSPASSWORD \ttimeout 2 ! aaa new-model aaa group server tacacs+ TACSERVICE \tserver name TACSRV1 aaa authentication login default group TACSERVICE local aaa authentication login CONSOLE local aaa authentication enable default group TACSERVICE enable aaa authorization config-commands aaa authorization exec default group TACSERVICE local aaa authorization exec CONSOLE local aaa authorization commands 15 default group TACSERVICE local aaa accounting commands 15 default start-stop group TACSERVICE ! line con 0 \tlogin authentication CONSOLE line vty 0 15 <\/code><\/pre>\n
  \u041c\u0435\u0442\u043e\u0434\u0438\u043a\u0430 \u0434\u0435\u0431\u0430\u0433\u0430<\/b>
  1. \u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0440\u0430\u0431\u043e\u0442\u044b \u043c\u043e\u0434\u0443\u043b\u0435\u0439 LDAP (\u0434\u043e\u043b\u0436\u043d\u043e \u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043f\u0443\u0441\u0442\u0443\u044e \u0441\u0442\u0440\u043e\u043a\u0443 \u0431\u0435\u0437 \u043e\u0448\u0438\u0431\u043e\u043a). \u041e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 perl-LDAP.  <\/p>\n
# env LDAP_HOSTS="172.16.1.1" LDAP_SERVER_TYPE="microsoft" \/usr\/local\/lib\/mavis\/mavis_tacplus_ldap.pl 2. \u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0441\u0432\u044f\u0437\u043a\u0438 TACACS - LDAP. \u0414\u043e\u043b\u0436\u043d\u043e \u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432 \u043f\u043e\u043b\u0435 RESULT - ACK. \u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0431\u043b\u043e\u043a \u043a\u043e\u043d\u0444\u0438\u0433\u0430, \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0437\u0430 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044e \u0441 AD. <source lang="bash"> # \/usr\/local\/bin\/mavistest \/usr\/local\/etc\/tac_plus.cfg tac_plus TACPLUS <login> <password> <\/code><\/pre>\n
  3. \u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430, \u0447\u0442\u043e \u0441\u0435\u0440\u0432\u0438\u0441 \u0437\u0430\u043f\u0443\u0449\u0435\u043d \u0438 \u0441\u043b\u0443\u0448\u0430\u0435\u0442 \u043f\u043e\u0440\u0442 tcp 49  <\/p>\n
# netstat -nlp | grep tac_plus <\/code><\/pre>\n
  4. \u0414\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0443\u0432\u0438\u0434\u0435\u0442\u044c \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0443  <\/p>\n
# tcpdump -nn port 49 <\/code><\/pre>\n
  5. \u0414\u0435\u0431\u0430\u0433 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u0435\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c  <\/p>\n
# \/usr\/local\/sbin\/tac_plus -d 4088 -fp \/var\/run\/tac_plus.pid \/usr\/local\/etc\/tac_plus.cfg <\/code><\/pre>\n
  \u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044e \u0437\u0430 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435!<\/p>\n
  \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u0432\u0441\u043f\u043e\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0441\u0441\u044b\u043b\u043a\u0438:<\/b>
  http:\/\/packetroute.wordpress.com\/2012\/12\/12\/tacacs-ad-centos-free\/<\/a>
  http:\/\/www.pro-bono-publico.de\/projects\/howto-tac_plus-ads.html<\/a>
  http:\/\/habrahabr.ru\/post\/194750\/<\/a> \t\t\t<\/p>\n
<\/div>\n<\/p><\/div>\n
 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438  http:\/\/habrahabr.ru\/post\/217669\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
 \t\t\t\u0412 \u0441\u0435\u0442\u0438 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0433\u0430\u0439\u0434\u043e\u0432 \u043d\u0430 \u044d\u0442\u0443 \u0442\u0435\u043c\u0443, \u043d\u043e \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u0441\u0435\u0440\u0432\u0438\u0441 \u043d\u0430 Linux \u0438 \u0441\u0432\u044f\u0437\u0430\u0442\u044c \u0435\u0433\u043e \u0441 Active Directory \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0438 30-60 \u043c\u0438\u043d\u0443\u0442 \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c. \u041f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u044e \u0441\u0432\u043e\u0439 \u043f\u0443\u0442\u044c \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447\u0438, \u0441 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u043c\u0438 \u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u044f\u043c\u0438.<\/p>\n
  \u041f\u0440\u0438\u0441\u0442\u0443\u043f\u0438\u043c \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u0430. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u041e\u0421\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f CentOS.  <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-217669","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/217669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=217669"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/217669\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=217669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=217669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=217669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}