Configuring Group Authorization For Tacacs+ Authentication - Avocent MERGEPOINT SP MANAGER Installer/User Manual

MergePoint® SP Manager Installer/User Guide
118
#
# server[:port] shared_secret timeout (s)
# 127.0.0.1 secret 1
# otherserver othersecret 3
OUR.RADIUS.SERVER.IP:1645 OurSecret 1 3
5. Enter the IP address for the server.
6. (Optional) Define an alternate port.
7. Enter the secret (shared password).
8. (Optional) Enter a value to redefine the time-out.
9. (Optional) Enter a value to redefine the number of retries. The following screen example
shows entries that define the RADIUS authentication server and the accounting server to
be the same server with the same IP address, sets the secret to avocent, the time-out to 5
seconds and the number of retries to 5.
auth1 172.20.0.2 avocent 5 5
acct1 172.20.0.2 avocent 5 5
NOTE: Always configure both parameters auth1 and acct1.
10. Save and quit the file.
NOTE: Multiple RADIUS servers can be configured in this file. The servers are tried in the order in which they
appear. If a server fails to respond, the next configured server is tried.

Configuring group authorization for TACACS+ authentication

The two tasks listed below must be done to configure groups for TACACS+ authentication.
• The TACACS+ server's administrator must define the desired groups and assign users to
the groups.
• The MergePoint SP manager administrator must configure the TACACS+ server on the
MergePoint SP manager and set up the TACACS+ server for raw access. For more
information see Configuring group authorization for TACACS+ authentication on page
118.
The following CLI utility command line can also be used to configure a server for raw access:
cli> set auth tacplus service raccess
To assign a group to a user on the TACACS+ server:
1. Add a definition for the group to the authentication authorization accounting (AAA)
database on the TACACS+ server. Add the raccess service in the form:
service = raccess and group_name = <mergepoint group name>;