Table of Contents
Advertisement
tacacs+
When configured enable authentication method as the remote authentication (i.e. configured group,
group-restrict, radius or tacacs+ as the keywords), the usernames that respectively use RADIUS and
TACACS+ to authenticate are different, the following is the introduction for each type:
1. Use RADIUS to proceed enable authentication:
The authenticated username is $ENABLElevel$, in which leve indicates the privilege level that the user
is to enter, i.e. the number that implies the privilege number behind enable command. For instance, if
you are to enter a privilege level 7, you needs to input command enable 7. In this case, if you has
configured to use RADIUS for authentication, then the username submitted to Radius server is
$ENABLE15$, thus need to configure ralating username and password on Radius server in advance.
It is especially pointed out that you need to clarify that the service type used for privilege authentication
in the Radius Server user database is 6, i.e. Admin-User .
2. Use TACACS+ to proceed authentication
The username used for enable authentication is the one that used when this user login the Router.
For example, if a user typed chen for username when login in the Router, the username used for
enable authentication should be chen too. If the user is not required to pass authentication or is not
indicated to input the username when proceeding the authentication, the username after successful
login should be DEFAULT, and you need to set up in the user database of TACACS+ Server.
8.1.9 Change The String To Prompt Inputting The Password
Use aaa authentication password-prompt command to change the default text that the D-Link router
displays when prompting a user to enter a password. This command changes the password prompt for
the enable password as well as for login passwords that are not supplied by remote security servers.
The undo form of this command restores the password prompt to the following default value:
Password:
aaa authentication password-prompt command does not change any prompt message provided by
a remote TACACS+ server or RADIUS server. Use the following command in global configuration
directory:
aaa authentication password-prompt
text-string
Example:
[DEFAULT@Router /config/]#aaa
(00)accounting
(01)authentication
......
Please Input the code of command to be excute(0-5): 1
(00)enable
(01)login
(02)password-prompt
......
Please Input the code of command to be excute(0-4): 2
(00)WORD
Please Input the code of command to be excute(0-0): 0
Please input a string:123456 (Input password-prompt,here is only for example)
Will you excute it? (Y/N):y
8.1.10 Establish A Database of Local User Name Authentification
A local authentication system based on the username can be created for the following situations:
Command
Accounting configurations parameters
Authentication configurations parameters
Set authentication list for enable
Set authentication list for login
Text to use when prompting for a password
Password prompt string
Model Name
Uses TACACS+ authentication.
Change the default text displayed when a user is
prompted to enter a password.
- 345 -
Purpose
Hide quick links:
Advertisement
Table of Contents
