#!/usr/bin/env -S /usr/local/bin/tactrace.pl --user demo --conf

id = spawnd {
	background = no
#	single process = yes
	listen { port = 4949 } # TACACS+, non-standart port
	listen { port = 1812 protocol = UDP } # RADIUS
	listen { port = 1813 protocol = UDP } # RADIUS
	spawn {
		instances min = 1
		instances max = 32
	}
}

id = tac_plus-ng {
        log accesslog { destination = /tmp/tac/access.log }
        log authorlog { destination = /tmp/tac/author.log }
        log acctlog { destination = /tmp/tac/acct.log }
        log rad-accesslog { destination = /tmp/rad/access.log }
        log rad-acctlog { destination = /tmp/rad/acct.log }
	log connlog { destination = /tmp/conn.log }

	access log = accesslog
	authorization log = authorlog
	accounting log = acctlog
	radius.access log = rad-accesslog
	radius.accounting log = rad-acctlog
	connection log = connlog

	include = "$CONFDIR/radius-dict.cfg"

	mavis module dbdemo = external {
		exec = mavis/perl/mavis_tacplus-ng-demo-database.pl
	}
	user backend = mavis
	login backend = mavis chpass
	pap backend = mavis

	host world {
		address = 0.0.0.0/0
		key = demo
		radius.key = demo
		mavis backend = yes
	}

	profile admin {
		script {
			if (service == shell) {
			    if (cmd == "")
				set priv-lvl = 15
			    permit
			}
			if (radius[Service-Type] ==  Administrative-User)  { 
				set radius[Cisco:Cisco-AVPair] = "shell:priv-lvl=15"
				set radius[Cisco:Cisco-AVPair] = "shell:priv-lvl=15"
				permit
			}
			set radius[Cisco:Cisco-AVPair] = "shell:priv-lvl=15"
			set radius[NAS-Port] = 12345
			permit
		}
	}
}