TACACS+ configuration

To configure TACACS+:

  1. Select SETTINGS > USER MANAGEMENT > Remote Authentication.

    Image of the Lighthouse UI showing how to set up the TACACS+ configuration

  2. Select TACACS+ from the Scheme drop-down menu.

  3. Choose the required Mode from the drop-down menu.

    • TACACSDownLocal

    • TACACS: Default behavior

    • TACACS/Local

    • Local/TACACS

Note: See the Glossary for more information about these modes.

  4. Add the Address and optionally the Port of the TACACS+ authentication server to query.

  5. Select the Login Method. PAP is the default method. However, if the server uses DES-encrypted passwords, select Login.

  6. Add the Server password, also known as the TACACS+ Secret.

  7. Add the Service. This determines the set of attributes sent back by the TACACS+ server.

Note: Multiple servers can be added. The TACACS+ subsystem queries them in a round-robin fashion.

To provide group membership, the TACACS+ server needs to be configured to return a list of group names. The following configuration snippet shows how this can be configured for a tac_plus server:

    user = operator1 {
        service = raccess {
            groupname = west_coast_admin,east_cost_user
        }
    }
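
One way to check a tac_plus file before relying on it for group membership, as an added example (not Opengear or tac_plus code): it lists the groups each user is sent under the raccess service and flags names that are absent from a list of expected groups. SAMPLE_CONF and KNOWN_GROUPS are constructed, operator2 is hypothetical, and the parser assumes the simple block layout shown above.

```python
# Added example. Handles only the "key = value {" ... "}" layout shown above.

# Constructed sample: the operator1 entry from this page plus a hypothetical
# operator2 that has no raccess service block.
SAMPLE_CONF = """
user = operator1 {
    service = raccess {
        groupname = west_coast_admin,east_cost_user
    }
}
user = operator2 {
    service = shell {
        priv-lvl = 1
    }
}
"""

# Constructed stand-in for the group names expected to exist on Lighthouse.
KNOWN_GROUPS = {"west_coast_admin", "east_coast_user"}

def groups_by_user(conf, service="raccess"):
    """Map each top-level user to the groupname values in its service block."""
    result, stack = {}, []          # stack holds the enclosing (key, value) blocks
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "}":             # close the innermost open block
            if stack:
                stack.pop()
            continue
        key, _, value = line.rstrip("{").partition("=")
        key, value = key.strip(), value.strip()
        if line.endswith("{"):      # open a new block
            stack.append((key, value))
            if key == "user" and len(stack) == 1:
                result[value] = []
        elif (key == "groupname" and len(stack) == 2
              and stack[0][0] == "user" and stack[1] == ("service", service)):
            result[stack[0][1]] += [g.strip() for g in value.split(",") if g.strip()]
    return result

def audit(conf, known_groups, service="raccess"):
    """Return (users sent no groups, {user: group names not in known_groups})."""
    mapping = groups_by_user(conf, service)
    no_groups = sorted(u for u, g in mapping.items() if not g)
    unknown = {u: [x for x in g if x not in known_groups] for u, g in mapping.items()}
    return no_groups, {u: g for u, g in unknown.items() if g}
```

With the constructed inputs, audit(SAMPLE_CONF, KNOWN_GROUPS) reports operator2 as receiving no groups and east_cost_user as a name that is not in the expected list.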

To do this with Cisco ACS, see Setting up permissions with Cisco ACS 5 and TACACS+ on the Opengear Help Desk.