When logged in under a TACACS-backed account and running any DHCPv4 command in op-mode (show dhcp server [...]), it prints out an exception:
```
tacs@cr1-devlab2:~$ show dhcp server leases
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/dhcp.py", line 479, in <module>
    res = vyos.opmode.run(sys.modules[__name__])
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 263, in run
    res = func(**args)
          ^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/dhcp.py", line 309, in _wrapper
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/dhcp.py", line 342, in show_server_leases
    lease_data = _get_raw_server_leases(family=family, pool=pool, sorted=sorted, state=state, origin=origin)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/dhcp.py", line 82, in _get_raw_server_leases
    leases = kea_get_leases(inet_suffix)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/kea.py", line 326, in kea_get_leases
    leases = _ctrl_socket_command(inet, f'lease{inet}-get-all')
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/kea.py", line 309, in _ctrl_socket_command
    sock.connect(path)
PermissionError: [Errno 13] Permission denied
tacs@cr1-devlab2:~$
```
This issue is not present when using a local account. It doesn't look like TACACS users get added to the _kea group while local accounts do.
```
tacs@cr1-devlab2:~$ groups tacs
tacs: tacacs adm disk sudo dip users vyattacfg frrvty frr
tacs@cr1-devlab2:~$ groups vyos
vyos: users adm disk sudo dip vyattacfg _kea frrvty frr
```
If I manually add myself to the _kea group and logout/login, I can run DHCP commands:
```
tacs@cr1-devlab2:~$ sudo usermod -aG _kea tacs
tacs@cr1-devlab2:~$ groups tacs
tacs : tacacs adm disk sudo dip users vyattacfg _kea frrvty frr
tacs@cr1-devlab2:~$ exit
logout
---
Last login: Tue Mar 26 12:16:37 2024 from 172.21.20.23
tacs@cr1-devlab2:~$ groups
tacacs adm disk sudo dip users vyattacfg _kea frrvty frr
acs@cr1-devlab2:~$ show dhcp server leases
IP Address    MAC address        State    Lease start          Lease expiration     Remaining    Pool    Hostname              Origin
------------  -----------------  -------  -------------------  -------------------  -----------  ------  --------------------  --------
[...]
tacs@cr1-devlab2:~$
```
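A diagnostic for the `PermissionError` in the traceback above, added here as an example and not part of the original report or of VyOS: it compares a user's UID and groups with the owner, group and mode of a Unix control socket to explain why `sock.connect(path)` is refused. The socket path is taken as an argument because the report does not state it; `socket_access` and `group_name` are hypothetical names.

```python
import grp
import os
import stat
import sys


def group_name(gid):
    """Resolve a GID to its name, falling back to the number."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def socket_access(path, uid, gids):
    """Return (allowed, reason) for uid/gids connecting to the Unix socket at path.

    On Linux, connect() on a Unix-domain socket needs write permission on the
    socket file. Search permission on the parent directories is not checked here.
    """
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return False, f"{path} is not a socket"
    if uid == 0:
        return True, "root bypasses file mode checks"
    # The kernel checks exactly one class: owner, then group, then other.
    if uid == st.st_uid:
        ok = bool(st.st_mode & stat.S_IWUSR)
        return ok, "owner write bit is " + ("set" if ok else "clear")
    if st.st_gid in gids:
        ok = bool(st.st_mode & stat.S_IWGRP)
        return ok, f"group {group_name(st.st_gid)} write bit is " + ("set" if ok else "clear")
    if st.st_mode & stat.S_IWOTH:
        return True, "socket is world-writable"
    return False, f"uid {uid} is neither owner nor in group {group_name(st.st_gid)}"


if __name__ == "__main__":
    # Usage: python3 check_socket.py <path-to-control-socket>
    # os.getgroups() reflects the current login session, so a group added with
    # usermod only shows up after logging out and back in, as in the report.
    session_gids = set(os.getgroups()) | {os.getgid()}
    allowed, reason = socket_access(sys.argv[1], os.getuid(), session_gids)
    print("connect allowed:" if allowed else "connect denied:", reason)
```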