Table of Contents
Advertisement
User authentication
TACACS+ user configuration
After setting up the TACACS+ server, you will need to configure one or more users on the server. When
configured with TACACS+ support, the TX54 device uses the TACACS+ server for authentication
(password verification) and authorization (assigning the access level of the user).
Example TACACS+ Configuration
With TACACS+, users are defined in the server configuration file. On Ubuntu, the default location and
filename for the server configuration file is /etc/tacacs+/tac_plus.conf.
Note
TACACS+ configuration, including filenames and locations, may vary depending on your platform
and installation. This example assumes a Ubuntu installation.
To define users:
1. Open the TACACS+ server configuration file in a text editor. For example:
$ sudo gedit /etc/tacacs+/tac_plus.conf
2. Add users to the file using the following format. This example will create two users, one with
admin and serial access, and one with only serial access.
user = user1 {
name ="User1 for TX54"
pap = cleartext password1
service = system {
}
}
user = user2 {
name ="User2 for TX54"
pap = cleartext password2
service = system {
}
}
The value of the groupname attribute must correspond to authentication groups configured on
your TX54 device. See
groups. The groupname attribute can contain one group or multiple groups in a comma-
separated list.
3. Save and close the file.
4. Verify that your changes did not introduce any syntax errors:
sudo tac_plus -C /etc/tacacs+/tac_plus.conf -P
If successful, this command will echo the configuration file to standard out. If the command
encounters any syntax errors, a message similar to this will display:
Error: Unrecognised token on line 1
5. Restart the TACACS+ server:
sudo /etc/init.d/tacacs_plus restart
TX54 User Guide
Terminal Access Controller Access-Control System Plus (TACACS+)
groupname = admin,serial
groupname = serial
Authentication groups
for more information about authentication
539
Advertisement
Table of Contents
