Tac_plus[320973]: Error get_socket: bind 49 Address already in use

Unable to start the tacacs+ plus service, please see the error attached.

The list of listeners says you’ve already got something on port 49.

tried telnetting into port 49 on this machine to see if a banner appears? "if so, that might give you dome idea as to what is listening on that port a ps -ef | grep root might also help…

Looks like port 49 is being used by the tac_plus service

So it sounds like Tac_plus is already running, and you’re trying to start it a second time? Might be worth testing from cold boot.

The service stops immediately when I start it.

That was not the “question”. The service stops because it fails to start tac_plus. The tac_plus fails to start, if there is already a tac_plus running. A process that was not started by service unit.

pgrep -a plus
ss -tulpn | grep ":49"

Does the first show a “tac_plus” process?
Does the latter show the process that listens on 49?


PS. One can usually copy-paste text from terminal to forum posts and format with code tags. The result is more convenient than screenshots.

pgrep -a plus
ss -tulpn | grep “:49”
15241 tac_plus -C /etc/tac_plus.conf
tcp LISTEN 0 4096 0.0.0.0:49 0.0.0.0:*

yes, I do not see the process that listens on 49

Regular user does not see the name. The root does:

me:1:~$ ss -tulpn | grep ":22"
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*          
me:1:~$ sudo ss -tulpn | grep ":22"
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=981,fd=3))  

However, even as regular user you do see that something on your machine does listen tcp/49 at 0.0.0.0.


Yes, you do have process ID 15241 – a tac_plus running. It’s existence blocks the service from starting.

You could simply kill that process, but what might have started it? You could look at process listing first:

ps axfu | grep -B6 -A2 tac_plu[s]

Thing is, if some “service” started it, then it might run also on next boot and again block your intended service.

[@vm~]$ ps axfu | grep -B6 -A2 tac_plu[s]
root 1410 0.0 0.0 3044 1920 tty1 Ss+ Oct28 0:00 /sbin/agetty -o -p – \u --noclear - linux
root 1411 0.0 0.0 3088 1920 ttyS0 Ss+ Oct28 0:00 /sbin/agetty -o -p – \u --keep-baud 115200,57600,38400,9600 - vt220
root 1611 0.0 0.3 102716 25208 ? Sl Oct28 0:06 /usr/bin/pyth on3 /var/lib/waagent/Microsoft.Azure.Monitor.AzureMonitorLinuxAgent-1.33.0/agent .py -metrics
root 1613 0.0 0.3 102728 25340 ? Sl Oct28 0:06 /usr/bin/pyth on3 /var/lib/waagent/Microsoft.Azure.Monitor.AzureMonitorLinuxAgent-1.33.0/agent .py -syslogconfig
zzbeaks+ 15045 0.0 0.1 22916 13908 ? Ss Oct29 0:00 /usr/lib/syst emd/systemd --user
zzbeaks+ 15046 0.0 0.1 131156 8832 ? S Oct29 0:00 _ (sd-pam)
root 15241 0.0 0.0 8268 5224 ? S Oct29 0:03 tac_plus -C / etc/tac_plus.conf
[@vm- ~]$ sudo kill -9 15241

I killed the process and tried to restart the service again

[ro@vm ~]# systemctl restart tac_plus
[root@vm ~]# systemctl status tac_plus
○ tac_plus.service - TACACS+ IPv4 Daemon
Loaded: loaded (/etc/systemd/system/tac_plus.service; disabled; preset: disabled)
Active: inactive (dead)

Nov 18 16:39:44 vm systemd[1]: Started TACACS+ IPv4 Daemon.
Nov 18 16:39:44 vm-2 tac_plus[435792]: Reading config
Nov 18 16:39:44 vm tac_plus[435792]: Version F4.0.4.26 Initialized 1
Nov 18 16:39:44 vm- tac_plus[435794]: Received signal 15, shutting down
Nov 18 16:39:44 vm- systemd[1]: tac_plus.service: Deactivated successfully.
Nov 19 10:45:37 vm systemd[1]: Started TACACS+ IPv4 Daemon.
Nov 19 10:45:37 vm tac_plus[449997]: Reading config
Nov 19 10:45:37 vm tac_plus[449997]: Version F4.0.4.26 Initialized 1
Nov 19 10:45:37 vm tac_plus[449999]: Received signal 15, shutting down
Nov 19 10:45:37 vm- systemd[1]: tac_plus.service: Deactivated successfully.
[root@vm- ~]# ps axfu | grep -B6 -A2 tac_plu[s]
[root@vm- ~]#
[root@vm ~]# pgrep -a plus
ss -tulpn | grep “:49”
[root@vm- ~]#

First, code tags (the </> button) would make outputs easier to read here.

There is no obvious reason why the process 15241 did exist.


Now you see a new issue.
Something does terminate the tac_plus that the service starts.
What do its logs say now?

░░ Subject: A start job for unit tac_plus.service has finished successfully
░░ Defined-By: systemd
░░ Support: Getting Community Help & Support - Rocky Linux Wiki
░░
░░ A start job for unit tac_plus.service has finished successfully.
░░
░░ The job identifier is 43707.
Nov 19 10:45:37 vm tac_plus[449997]: Reading config
Nov 19 10:45:37 vm- tac_plus[449997]: Version F4.0.4.26 Initialized 1
Nov 19 10:45:37 vm- tac_plus[449999]: Received signal 15, shutting down
Nov 19 10:45:37 vm- systemd[1]: tac_plus.service: Deactivated successfully.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: Getting Community Help & Support - Rocky Linux Wiki
░░
Here is the log

Any help would be appreciated