Tacacs+ Server Failover And Fallback To Local Authentication; Configure Your Connect It 16/48 Device To Use A Tacacs+ Server - Digi Connect IT 16 User Manual

User authentication
5. Restart the TACACS+ server:
$ sudo /etc/init.d/tacacs_plus restart

TACACS+ server failover and fallback to local authentication

In addition to the primary TACACS+ server, you can also configure your Connect IT 16/48 device to use
backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the
primary TACACS+ server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your Connect IT 16/48 device to use multiple
types of authentication. For example, you can configure both TACACS+ authentication and local
authentication, so that local authentication can be used as a fallback mechanism if the primary and
backup TACACS+ servers are unavailable. Additionally, users who are configured locally but are not
configured on the TACACS+ server are still able to log into the device.
Authentication methods are attempted in the order they are listed until the first successful
authentication result is returned. To ensure that users are authenticated first through the TACACS+
server, and authenticated locally only if the TACACS+ server is unavailable or if the user is not
defined on the TACACS+ server, list the TACACS+ authentication method before the Local users
authentication method.
See User authentication methods for more information about authentication methods.
If the TACACS+ servers are unavailable and the Connect IT 16/48 device falls back to local
authentication, only users defined locally on the device are able to log in. TACACS+ users cannot log in
until the TACACS+ servers are brought back online.
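
The ordering and fallback rules above can be modelled in a few lines of Python. This is an added illustration, not Digi code: the three-way result, the sample accounts and passwords, and the reading of "authoritative" as "a TACACS+ reject ends the chain" are assumptions.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = 1
    REJECT = 2        # a server answered and refused the credentials
    UNAVAILABLE = 3   # no configured server could be reached

def tacacs(servers, user, password):
    """Primary first, then backups; only an unreachable server causes failover."""
    for server in servers:
        if server["up"]:
            ok = server["users"].get(user) == password
            return Result.ACCEPT if ok else Result.REJECT
    return Result.UNAVAILABLE

def local(accounts, user, password):
    return Result.ACCEPT if accounts.get(user) == password else Result.REJECT

def login(chain, user, password):
    """chain: ordered (name, check, authoritative) tuples. Returns the granting method or None."""
    for name, check, authoritative in chain:
        result = check(user, password)
        if result is Result.ACCEPT:
            return name
        if authoritative and result is Result.REJECT:
            return None  # assumption: an authoritative reject ends the chain
    return None

def build_chain(servers, accounts, authoritative=False):
    """TACACS+ listed before Local users, as the section recommends."""
    return [
        ("tacacs+", lambda u, p: tacacs(servers, u, p), authoritative),
        ("local", lambda u, p: local(accounts, u, p), False),
    ]

def sample_servers(primary_up=True, backup_up=True):
    # Constructed sample data: alice's current password lives on the TACACS+ servers.
    users = {"alice": "tacacs-pw"}
    return [{"up": primary_up, "users": users}, {"up": backup_up, "users": users}]

# Constructed local accounts: a local-only admin, plus a stale local copy of alice.
LOCAL = {"admin": "local-pw", "alice": "stale-pw"}

if __name__ == "__main__":
    for pw in ("tacacs-pw", "stale-pw"):
        for auth in (False, True):
            print(pw, "authoritative" if auth else "non-authoritative",
                  login(build_chain(sample_servers(), LOCAL, auth), "alice", pw))
```

In this model the stale local password for alice is accepted while the TACACS+ servers are up unless the TACACS+ method is authoritative, so local accounts kept for fallback should be reviewed alongside the TACACS+ user list.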

Configure your Connect IT 16/48 device to use a TACACS+ server

This section describes how to configure a Connect IT 16/48 device to use a TACACS+ server for
authentication and authorization.
Required configuration items
- Define the TACACS+ server IP address or domain name.
- Define the TACACS+ server shared secret.
- The group attribute configured in the TACACS+ server configuration.
- The service field configured in the TACACS+ server configuration.
- Add TACACS+ as an authentication method for your Connect IT 16/48 device.
Additional configuration items
- Whether other user authentication methods should be used in addition to the TACACS+ server,
  or if the TACACS+ server should be considered the authoritative login method.
- The TACACS+ server port. It is configured to 49 by default.
- Add additional TACACS+ servers in case the first TACACS+ server is unavailable.
  WebUI
