Tacacs+ Server Failover And Fallback To Local Authentication; Configure Your Connect It Mini Device To Use A Tacacs+ Server - Digi Connect IT Mini User Manual

User authentication
Error: Unrecognised token on line 1
5. Restart the TACACS+ server:
$ sudo /etc/init.d/tacacs_plus restart

TACACS+ server failover and fallback to local authentication

In addition to the primary TACACS+ server, you can also configure your Connect IT Mini device to use
backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the
primary TACACS+ server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your Connect IT Mini device to use multiple types
of authentication. For example, you can configure both TACACS+ authentication and local
authentication, so that local authentication is used as a fallback mechanism if the primary and
backup TACACS+ servers are unavailable. Additionally, users who are configured locally but are not
configured on the TACACS+ server are still able to log into the device. Authentication methods are
attempted in the order they are listed until the first successful authentication result is returned.
Therefore, to ensure that users are authenticated first through the TACACS+ server, and
authenticated locally only if the TACACS+ server is unavailable or the user is not defined on the
TACACS+ server, list the TACACS+ authentication method before the Local users
authentication method.
See User authentication methods for more information about authentication methods.
If the TACACS+ servers are unavailable and the Connect IT Mini device falls back to local
authentication, only users defined locally on the device are able to log in. TACACS+ users cannot log in
until the TACACS+ servers are brought back online.

Configure your Connect IT Mini device to use a TACACS+ server

This section describes how to configure a Connect IT Mini device to use a TACACS+ server for
authentication and authorization.
Required configuration items
- Define the TACACS+ server IP address or domain name.
- Define the TACACS+ server shared secret.
- The group attribute configured in the TACACS+ server configuration.
- The service field configured in the TACACS+ server configuration.
- Add TACACS+ as an authentication method for your Connect IT Mini device.
Additional configuration items
- Whether other user authentication methods should be used in addition to the TACACS+ server,
  or if the TACACS+ server should be considered the authoritative login method.
- The TACACS+ server port. It is configured to 49 by default.
- Add additional TACACS+ servers in case the first TACACS+ server is unavailable.
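The method ordering, server failover and local fallback described above can be checked against a small model before settling on a method order. This is an added example, not Digi code or device configuration: the class names, the sample accounts and the reading of "authoritative" (a rejection from a reachable TACACS+ server ends the chain) are assumptions.

```python
from dataclasses import dataclass

UNAVAILABLE, REJECT, ACCEPT = "unavailable", "reject", "accept"

@dataclass
class TacacsServer:
    name: str
    up: bool
    users: dict  # username -> password, constructed sample data

    def check(self, user, password):
        if not self.up:
            return UNAVAILABLE
        ok = user in self.users and self.users[user] == password
        return ACCEPT if ok else REJECT

@dataclass
class Device:
    methods: list          # tried in listed order, e.g. ["tacacs+", "local"]
    servers: list          # primary first, then backups
    local_users: dict      # username -> password, constructed sample data
    authoritative: bool = False  # assumption: a TACACS+ reject ends the chain

    def tacacs(self, user, password):
        # Failover: a backup is consulted only when every earlier server is down.
        for srv in self.servers:
            result = srv.check(user, password)
            if result != UNAVAILABLE:
                return result, srv.name
        return UNAVAILABLE, None

    def login(self, user, password):
        """Return (granted, decided_by) for one login attempt."""
        for method in self.methods:
            if method == "tacacs+":
                result, via = self.tacacs(user, password)
                if result == ACCEPT:
                    return True, "tacacs+:" + via
                if result == REJECT and self.authoritative:
                    return False, "tacacs+:" + via
            elif method == "local":
                if user in self.local_users and self.local_users[user] == password:
                    return True, "local"
        return False, "none"

if __name__ == "__main__":
    tac = {"alice": "tac-pw"}
    primary, backup = TacacsServer("primary", False, tac), TacacsServer("backup", True, tac)
    dev = Device(["tacacs+", "local"], [primary, backup], {"breakglass": "local-pw"})
    print(dev.login("alice", "tac-pw"))         # primary down, backup answers
    backup.up = False
    print(dev.login("alice", "tac-pw"))         # all servers down: TACACS+ user cannot log in
    print(dev.login("breakglass", "local-pw"))  # locally defined user still can
```

In this model, with TACACS+ listed first and not authoritative, a locally defined account is accepted even while the TACACS+ servers are reachable, so local accounts and their passwords need the same review as the central ones.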
  WebUI