Digi Connect IT 4

User authentication Terminal Access Controller Access-Control System Plus (TACACS+)
Digi Connect IT® 4 User Guide
5. Restart the TACACS+ server:
$ sudo /etc/init.d/tacacs_plus restart
TACACS+ server failover and fallback to local authentication
In addition to the primary TACACS+ server, you can also configure your Connect IT 4 device to use
backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the
primary TACACS+ server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your Connect IT 4 device to use multiple types of
authentication. For example, you can configure both TACACS+ authentication and local authentication,
so that local authentication is used as a fallback mechanism if the primary and backup TACACS+
servers are unavailable. Additionally, users who are configured locally but are not configured on the
TACACS+ server are still able to log into the device. Authentication methods are attempted in the
order they are listed until the first successful authentication result is returned. Therefore, to
ensure that users are authenticated through the TACACS+ server first, and authenticated locally only
if the TACACS+ server is unavailable or the user is not defined on the TACACS+ server, list the
TACACS+ authentication method before the Local users authentication method.
See User authentication methods for more information about authentication methods.
If the TACACS+ servers are unavailable and the Connect IT 4 device falls back to local authentication,
only users defined locally on the device are able to log in. TACACS+ users cannot log in until the
TACACS+ servers are brought back online.
Configure your Connect IT 4 device to use a TACACS+ server
This section describes how to configure a Connect IT 4 device to use a TACACS+ server for
authentication and authorization.
Required configuration items
- Define the TACACS+ server IP address or domain name.
- Define the TACACS+ server shared secret.
- The group attribute configured in the TACACS+ server configuration.
- The service field configured in the TACACS+ server configuration.
- Add TACACS+ as an authentication method for your Connect IT 4 device.
Additional configuration items
- Whether other user authentication methods should be used in addition to the TACACS+ server,
  or if the TACACS+ server should be considered the authoritative login method.
- Enable command authorization, so that the device will communicate with the TACACS+ server
  to determine if the user is authorized to execute a specific command.
- Enable command accounting, so that the device will communicate with the TACACS+ server to
  log commands that the user executes.
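
The server failover and local fallback order described above can be modelled in a few lines. This is an added example, not Digi firmware code or part of the original guide. The function names, user names and passwords are constructed, and the behaviour of the authoritative option (a reject from a reachable TACACS+ server stops the search, while an unreachable server still allows fallback) is an assumption.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = 1
    REJECT = 2        # a server answered and refused the login
    UNAVAILABLE = 3   # no configured server could be reached

def tacacs_method(servers, authoritative=False):
    """servers: primary first, then backups; each is {'up': bool, 'users': {name: pw}}."""
    def check(user, password):
        for srv in servers:
            if srv["up"]:  # failover: skip unreachable servers, use the first that answers
                ok = user in srv["users"] and srv["users"][user] == password
                return Result.ACCEPT if ok else Result.REJECT
        return Result.UNAVAILABLE
    check.name, check.authoritative = "tacacs+", authoritative
    return check

def local_method(users):
    def check(user, password):
        ok = user in users and users[user] == password
        return Result.ACCEPT if ok else Result.REJECT
    check.name, check.authoritative = "local", False
    return check

def authenticate(methods, user, password):
    """Try methods in listed order; return the name of the first that accepts, else None."""
    for method in methods:
        result = method(user, password)
        if result is Result.ACCEPT:
            return method.name
        # Assumption: an authoritative method that answered with a reject ends
        # the search; if it was unreachable, later methods are still tried.
        if result is Result.REJECT and method.authoritative:
            return None
    return None

if __name__ == "__main__":
    # Constructed sample data: alice is on both servers and has a stale local account.
    primary = {"up": True, "users": {"alice": "tac-pw"}}
    backup = {"up": True, "users": {"alice": "tac-pw"}}
    local = {"admin": "local-pw", "alice": "stale-pw"}
    for authoritative in (False, True):
        methods = [tacacs_method([primary, backup], authoritative), local_method(local)]
        for user, pw in (("alice", "tac-pw"), ("alice", "stale-pw"), ("admin", "local-pw")):
            print(authoritative, user, pw, "->", authenticate(methods, user, pw))
```

With TACACS+ listed first but not authoritative, the stale local password for alice is still accepted while the servers are reachable, so local accounts kept for fallback need the same review as the TACACS+ accounts.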
