User authentication    Terminal Access Controller Access-Control System Plus (TACACS+)
IX20 User Guide
TACACS+ user configuration
When configured to use TACACS+ support, the IX20 device uses a remote TACACS+ server for user
authentication (password verification) and authorization (assigning the access level of the user).
Additional TACACS+ servers can be configured as backup servers for user authentication.
This section outlines how to configure a TACACS+ server to be used for user authentication on your
IX20 device.
Example TACACS+ configuration
With TACACS+, users are defined in the server configuration file. On Ubuntu, the default location and
filename for the server configuration file is /etc/tacacs+/tac_plus.conf.
Note: TACACS+ configuration, including filenames and locations, may vary depending on your
platform and installation. This example assumes an Ubuntu installation.
To define users:
1. Open the TACACS+ server configuration file in a text editor. For example:
$ sudo gedit /etc/tacacs+/tac_plus.conf
2. Add users to the file using the following format. This example will create two users, one with
admin and serial access, and one with only serial access.
    user = user1 {
        name = "User1 for IX20"
        pap = cleartext password1
        service = system {
            groupname = admin,serial
        }
    }
    user = user2 {
        name = "User2 for IX20"
        pap = cleartext password2
        service = system {
            groupname = serial
        }
    }
The groupname attribute is optional. If used, the value must correspond to authentication
groups configured on your IX20. Alternatively, if the user is also configured as a local user on
the IX20 device and the LDAP server authenticates the user but does not return any groups, the
local configuration determines the list of groups. See Authentication groups for more
information about authentication groups. The groupname attribute can contain one group or
multiple groups in a comma-separated list.
3. Save and close the file.
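The groupname rule from step 2 can be checked mechanically. The following Python code is an added example, not part of the original guide or of tac_plus: it parses user stanzas in the format shown above and reports groupname values that are not among the device's authentication groups, users with no groupname, and users whose PAP password is stored as cleartext. The function names, the device group set (admin, serial) and the group "operators" are assumptions made for the illustration.

```python
import re

# Constructed sample in the stanza format above; user2's "operators" group is made up.
SAMPLE_CONF = '''
user = user1 {
    pap = cleartext password1
    service = system {
        groupname = admin,serial
    }
}
user = user2 {
    pap = cleartext password2
    service = system {
        groupname = serial, operators
    }
}
'''
KV_RE = re.compile(r'^\s*(user|pap|groupname)\s*=\s*(.*?)\s*\{?\s*$')

def parse_users(conf_text):  # simplified parser: user -> groupname list, pap type
    users, current, depth = {}, None, 0
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0]           # ignore comments
        m = KV_RE.match(line)
        key, val = m.groups() if m else (None, "")
        if key == "user" and depth == 0:
            current = users.setdefault(val, {"groups": [], "pap": None})
        elif key == "groupname" and current:
            current["groups"] = [g.strip() for g in val.split(',') if g.strip()]
        elif key == "pap" and current:
            current["pap"] = val.split()[0] if val else None
        depth += line.count('{') - line.count('}')
        current = current if depth else None  # stanza is closed at depth 0
    return users

def audit(conf_text, device_groups):  # returns (user, issue, detail) tuples
    out = []
    for user, info in parse_users(conf_text).items():
        unknown = [g for g in info["groups"] if g not in device_groups]
        if unknown:
            out.append((user, "unknown-group", ",".join(unknown)))
        if not info["groups"]:
            out.append((user, "no-groupname", "local config decides groups"))
        if info["pap"] == "cleartext":
            out.append((user, "cleartext-pap", "password readable in file"))
    return out

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, {"admin", "serial"}))  # assumed device groups
```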
4. Verify that your changes did not introduce any syntax errors:
$ sudo tac_plus -C /etc/tacacs+/tac_plus.conf -P
If successful, this command will echo the configuration file to standard out. If the command
encounters any syntax errors, a message similar to this will display: