Tacacs+ Server Failover And Fallback To Local Authentication; Configure Your Ix10 Device To Use A Tacacs+ Server - Digi IX10 User Manual

User authentication
Error: Unrecognised token on line 1
5. Restart the TACACS+ server:
$ sudo /etc/init.d/tacacs_plus restart

TACACS+ server failover and fallback to local authentication

In addition to the primary TACACS+ server, you can also configure your IX10 device to use backup
TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary
TACACS+ server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your IX10 device to use multiple types of
authentication. For example, you can configure both TACACS+ authentication and local
authentication, so that local authentication can be used as a fallback mechanism if the primary and
backup TACACS+ servers are unavailable. Additionally, users who are configured locally but are not
configured on the TACACS+ server are still able to log into the device. Authentication methods are
attempted in the order they are listed until the first successful authentication result is returned;
therefore if you want to ensure that users are authenticated first through the TACACS+ server, and
only authenticated locally if the TACACS+ server is unavailable or if the user is not defined on the
TACACS+ server, then you should list the TACACS+ authentication method prior to the Local users
authentication method.
See User authentication methods
If the TACACS+ servers are unavailable and the IX10 device falls back to local authentication, only
users defined locally on the device are able to log in. TACACS+ users cannot log in until the TACACS+
servers are brought back online.

Configure your IX10 device to use a TACACS+ server

This section describes how to configure a IX10 device to use a TACACS+ server for authentication and
authorization.
Required configuration items
Define the TACACS+ server IP address or domain name.
n
Define the TACACS+ server shared secret.
n
The group attribute configured in the TACACS+ server configuration.
n
The service field configured in the TACACS+ server configuration.
n
Add TACACS+ as an authentication method for your IX10 device.
n
Additional configuration items
Whether other user authentication methods should be used in addition to the TACACS+ server,
n
or if the TACACS+ server should be considered the authoritative login method.
Enable command authorization, so that the device will communicate with the TACACS+ server
n
to determine if the user is authorized to execute a specific command.
Enable command accounting, so that the device will communicate with the TACACS+ server to
n
log commands that the user executes.
IX10 User Guide
Terminal Access Controller Access-Control System Plus (TACACS+)
for more information about authentication methods.
707