Table of Contents
Advertisement
Source address spoofing for TACACS+ and RADIUS can be configured in the Ranger Gateway
Viewer on the Configure > Gateway Settings dialog Access Control tab, or by using the
configGateway
and/or tacacs_proxy_spoof .
Where the Ranger Gateway and TACACS+/RADIUS server are not installed on the same server, it
may be useful to use two or more Ranger Gateways, in order to provide high availability. In this
case, each server group may have multiple entries for each TACACS+/RADIUS server, one for each
Ranger Gateway that can be used to relay requests to that server. For example, if there are two
equivalent TACACS+/RADIUS servers, acs1 and acs2, and two Ranger Gateways, rg1 and rg2,
that can be used to relay requests to those servers, the corresponding server group would contain
four entries:
•
rg1 acs1
•
rg2 acs1
•
rg1 acs2
•
rg2 acs2
Configuration Example
In order to illustrate the configuration required for TACACS+/RADIUS proxy, consider the
following sample network:
Figure 30-2. ZoneRanger TACACS+/RADIUS Proxy Configuration
Note that there are four TACACS+/RADIUS servers shown in this diagram: acs1, acs2, acs3, and
acs4. In the case of acs1 and acs2, the Ranger Gateway software is installed on the same server as
the TACACS+/RADIUS server application. In the case of acs3 and acs4, the Ranger Gateway
software has been installed on separate servers.
ZoneRanger 5.5 User's Guide
command on the Ranger Gateway to set the variables radius_proxy_spoof
105
Hide quick links:
Advertisement
Table of Contents
