when logged in under a TACACS-backed account and running any DHCPv4 command in op-mode (show dhcp server [...]) it prints out an exception:
tacs@cr1-devlab2:~$ show dhcp server leases
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/dhcp.py", line 479, in <module>
res = vyos.opmode.run(sys.modules[__name__])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 263, in run
res = func(**args)
^^^^^^^^^^^^
File "/usr/libexec/vyos/op_mode/dhcp.py", line 309, in _wrapper
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/usr/libexec/vyos/op_mode/dhcp.py", line 342, in show_server_leases
lease_data = _get_raw_server_leases(family=family, pool=pool, sorted=sorted, state=state, origin=origin)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/libexec/vyos/op_mode/dhcp.py", line 82, in _get_raw_server_leases
leases = kea_get_leases(inet_suffix)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/kea.py", line 326, in kea_get_leases
leases = _ctrl_socket_command(inet, f'lease{inet}-get-all')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/kea.py", line 309, in _ctrl_socket_command
sock.connect(path)
PermissionError: [Errno 13] Permission denied
tacs@cr1-devlab2:~$this issue is not present when using a local account. it doesn't look like TACACS users get added to the _kea group while local accounts do.
tacs@cr1-devlab2:~$ groups tacs tacs: tacacs adm disk sudo dip users vyattacfg frrvty frr tacs@cr1-devlab2:~$ groups vyos vyos: users adm disk sudo dip vyattacfg _kea frrvty frr
if i manually add myself to the the _kea group and logout/login i can run dhcp commands
tacs@cr1-devlab2:~$ sudo usermod -aG _kea tacs tacs@cr1-devlab2:~$ groups tacs tacs : tacacs adm disk sudo dip users vyattacfg _kea frrvty frr tacs@cr1-devlab2:~$ exit logout --- Last login: Tue Mar 26 12:16:37 2024 from 172.21.20.23 tacs@cr1-devlab2:~$ groups tacacs adm disk sudo dip users vyattacfg _kea frrvty frr acs@cr1-devlab2:~$ show dhcp server leases IP Address MAC address State Lease start Lease expiration Remaining Pool Hostname Origin ------------ ----------------- ------- ------------------- ------------------- ----------- ------ -------------------- -------- [...] tacs@cr1-devlab2:~$