TACACS+ configuration
- Select > USERS & ACCOUNTS > Remote Authentication.
- The REMOTE AUTHENTICATION page displays.
- From the TACACS+ options, select Radius.
- Choose the required Mode:
  - TACACS+DownLocal:
  - TACACS+Mode
  - LocalTACACS+
  - TACACS+Local
- Enter the Address and optionally the Port of the Remote Authentication Server to query. The default port is 49.
  Note: Click Add Authentication Server to add multiple servers. The TACACS+ subsystem queries them in a round-robin fashion.
- Select the Login Method to set the method used to authenticate to the server. Defaults to PAP. To use DES encrypted passwords, select Login
- Enter and confirm the Server Password, also known as the TACACS+ Secret.
- Enter the TACACS+ service. This determines which set of attributes is returned by the server. Defaults to "raccess".
- Click Apply.
To provide group membership, TACACS+ needs to be configured to provide a list of group names. The following configuration snippet shows how this can be configured for a tac_plus server:

    user = operator1 {
        service = raccess {
            groupname = west_coast_admin,east_cost_user
        }
    }

To do this with Cisco ACS, see Setting up permissions with Cisco ACS 5 and TACACS+ on the Opengear Help Desk.
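
The following is an added example, not part of the original documentation or of tac_plus: a small Python audit that reads a tac_plus configuration in the syntax shown above and lists the group names each user is given under the raccess service, so group grants can be reviewed before they reach the device. The sample configuration, the users auditor1 and operator2, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the tac_plus syntax shown above (not a real deployment).
SAMPLE_CONF = """
user = operator1 {
    service = raccess {
        groupname = west_coast_admin,east_cost_user
    }
}
user = auditor1 {
    service = exec {
        priv-lvl = 1
    }
}
user = operator2 {
    service = raccess {
        groupname = east_cost_user   # trailing comment
    }
}
"""

def raccess_groups(conf, service="raccess"):
    """Return {user: [group names listed under the user's `service` block]}."""
    groups, user, in_service, depth = {}, None, False, 0
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # simplification: '#' starts a comment
        if not line:
            continue
        if depth == 0:                           # top level: only user blocks matter
            m = re.match(r"user\s*=\s*(\S+)\s*\{$", line)
            user = m.group(1) if m else None
            if user:
                groups.setdefault(user, [])
        elif depth == 1 and user and re.match(r"service\s*=\s*%s\s*\{$" % re.escape(service), line):
            in_service = True
        elif depth == 2 and in_service:
            m = re.match(r"groupname\s*=\s*(.+)$", line)
            if m:
                groups[user] += [g.strip() for g in m.group(1).split(",") if g.strip()]
        depth += line.count("{") - line.count("}")
        in_service = in_service and depth >= 2   # False once the service block closes
    return groups

def users_in(groups, watched):
    """Users whose returned groups intersect the `watched` set (e.g. admin groups)."""
    return sorted(u for u, gs in groups.items() if set(gs) & set(watched))

if __name__ == "__main__":
    print(users_in(raccess_groups(SAMPLE_CONF), {"west_coast_admin"}))
```

A user that appears with an empty list has no groupname attribute under the audited service, which is worth checking against the intended group assignments.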