Setting up an IPv4 and IPv6 capable TACACS+ server – HP Virtual Connect 4Gb Fibre Channel Module for c-Class BladeSystem User Manual

Virtual Connect users and roles

autocmd = domain:network <------- Colon-separated list of privileges
}
}
group = ALL_STAFF {
}
# End config file

In this example, two different usages of autocmd=<value> are shown:

Separate lines used for each privilege, supported in VC 3.30 and higher

Colon-separated privilege list, supported in VC 4.10 and higher
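
Added example (not from the HP manual or the tac_plus project): a small Python audit helper that parses a tac_plus.conf laid out like the fragments on this page and reports which VC privileges each user can reach through autocmd, accepting both forms listed above. It assumes the separate-line form is repeated autocmd = <value> lines and that privileges set on groups reached through member apply to the user, so the union it reports is an upper bound; the user names in the sample are made up.

```python
from collections import defaultdict

SERVICE = "hp-vc-mgmt"  # service block the page uses for VC role authorization

def parse(conf):
    """Map ('user'|'group', name) -> member groups and autocmd privileges (either form)."""
    entries = defaultdict(lambda: {"members": [], "privs": set()})
    stack = []  # currently open blocks, outermost first
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive comment strip
        key, _, value = (part.strip() for part in line.partition("="))
        owner = next((b for b in stack if b[0] in ("user", "group")), None)
        if line == "}" and stack:
            stack.pop()
        elif value.endswith("{"):
            stack.append((key, value[:-1].strip()))
        elif owner and key == "member":
            entries[owner]["members"].append(value)
        elif owner and key == "autocmd" and stack[-1] == ("service", SERVICE):
            entries[owner]["privs"].update(p for p in value.split(":") if p)
    return entries

def effective_privs(entries, name, kind="user", seen=None):
    """Upper bound: privileges on the entry plus every group reached via member."""
    seen = set() if seen is None else seen
    if (kind, name) in seen or (kind, name) not in entries:
        return set()  # membership loop, or nothing configured for this name
    seen.add((kind, name))
    e = entries[(kind, name)]
    return e["privs"].union(*(effective_privs(entries, g, "group", seen) for g in e["members"]))

# Constructed sample in the layout shown on the page; names are made up
SAMPLE = """user = alice {
    member = testgroup
}
user = bob {
    service = hp-vc-mgmt {
        autocmd = domain
        autocmd = network
    }
}
group = testgroup {
    member = ALL_STAFF
    service = hp-vc-mgmt {
        autocmd = domain:network
    }
}"""

print({u: sorted(effective_privs(parse(SAMPLE), u)) for u in ("alice", "bob")})
```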

Configuration can differ from one TACACS+ server to another. For more information, see the TACACS+ server documentation during configuration.

The server logs can be accessed on the TACACS+ server at /var/log/tac_plus.log. The accounting log is available under /var/log/tac_plus.acct, which records all command logging requests.

Setting up an IPv4 and IPv6 capable TACACS+ server

The following procedure provides an example of setting up a TACACS+ server on an external host running Linux.

1. Download and install the latest version of the TACACS+ server from the tac plus website (http://www.pro-bono-publico.de/projects/tac_plus.html).

2. Add the shared-secret key for VC, a list of users, their passwords and member groups (can be recursive) as shown in the example.

3. Specify the VCM roles to be authorized for each user or group by using the keyword autocmd in the server configuration file /etc/tac_plus.conf. Specify multiple privileges by using colon (:) separated values. For example, "domain" and "network" privileges can be specified using autocmd=domain:network.

The following is a sample configuration:

# set the secret key for client
host = 2001::97/64 {
key = tac!@123 <------- Secret-key for 2001::97/64
}

# users accounts
user = tacuser {
login = cleartext "password"
member = testgroup <------- Member of group "testgroup"
}

# groups
group = testgroup {
member = ALL_STAFF
service = hp-vc-mgmt { <------- Service for role-authorization
