Configuring the tacacs+ server on linux, The tac_plus.cfg file, Table 20 – Dell POWEREDGE M1000E User Manual

Page 172


Fabric OS Administrator’s Guide

53-1002745-02

Remote authentication

5

Configuring the TACACS+ server on LINUX

Fabric OS software supports TACACS+ authentication on a LINUX server running the Open Source
TACACS+ LINUX package v4.0.4 from Cisco. To install and configure this software, perform the
following steps.

1. Download the TACACS+ software from http://www.cisco.com and install it.

Refer to the Cisco documentation for installation instructions.

2. Configure the TACACS+ server by editing the tac_plus.cfg file.

Refer to “The tac_plus.cfg file” (below) for details.

3. Run the tac_plus daemon to start and enable the TACACS+ service on the server.

Example

> tac_plus -d 16 /usr/local/etc/mavis/sample/tac_plus.cfg

The tac_plus.cfg file

All configuration of the TACACS+ server is done in the tac_plus.cfg file. Open the file by using the
editor of your choice and customize the file as needed.

You must add users into this file and provide some attributes specific to the Brocade
implementation.

Table 20 lists and defines attributes specific to Brocade.

Adding a user and assigning a role

When adding a user to the tac_plus.cfg file, you should at least provide the brcd-role attribute. The
value assigned to this attribute should match a role defined for the switch. When a logon is
authenticated, the role specified by the brcd-role attribute represents the permissions granted to
the account. If no role is specified, or if the specified role does not exist on the switch, the account
is granted user role permissions only.

Refer to “Role-Based Access Control” on page 134 for details about roles.

The following fragment from a tac_plus.cfg file adds a user named fosuser1 and assigns the
securityAdmin role to the account.

user = fosuser1 {
    chap = cleartext "my$chap$pswrd"
    pap = cleartext "pap-password"
    service = exec {
        brcd-role = securityAdmin;
    }
}
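
Because a missing or unrecognized brcd-role silently falls back to user role permissions, it is worth checking the file before starting the daemon. The following script is an added example, not part of the Brocade guide or the tac_plus package: it reads user blocks in the syntax of the fragment above and reports the role each account would actually receive. The role set, the function names, and the users fosuser2 and fosuser3 are assumptions made for illustration.

```python
import re

# Assumption: roles defined on the switch (only these two are named on this page).
SWITCH_ROLES = {"securityAdmin", "user"}

USER_RE = re.compile(r"^\s*user\s*=\s*(\S+)\s*\{", re.M)
ROLE_RE = re.compile(r"brcd-role\s*=\s*([^\s;}]+)")
STRING_RE = re.compile(r'"[^"]*"')

# Constructed sample: fosuser1 is the page's fragment; fosuser2/3 are made up.
SAMPLE = r'''
user = fosuser1 {
    chap = cleartext "my$chap$pswrd"
    pap = cleartext "pap-password"
    service = exec {
        brcd-role = securityAdmin;
    }
}
user = fosuser2 {
    pap = cleartext "brace}in{secret"
    service = exec { }
}
user = fosuser3 { service = exec { brcd-role = secAdmin; } }
'''

def user_blocks(text):
    """Yield (name, body) for each user = NAME { ... } block, brace-aware."""
    for m in USER_RE.finditer(text):
        depth, i, in_str = 1, m.end(), False
        while i < len(text) and depth:
            c = text[i]
            if c == '"':
                in_str = not in_str  # braces inside quoted secrets are data
            elif not in_str:
                depth += (c == "{") - (c == "}")
            i += 1
        yield m.group(1), text[m.end():i - 1]

def effective_roles(text, switch_roles=SWITCH_ROLES):
    """Map each user to (configured brcd-role or None, role actually granted)."""
    result = {}
    for name, body in user_blocks(text):
        m = ROLE_RE.search(STRING_RE.sub('""', body))  # skip quoted secrets
        configured = m.group(1) if m else None
        result[name] = (configured, configured if configured in switch_roles else "user")
    return result

if __name__ == "__main__":
    print(effective_roles(SAMPLE))
```

Any account whose two values differ will log on with user role permissions rather than the role intended for it.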

TABLE 20   Brocade custom TACACS+ attributes

Attribute                 Purpose
brcd-role                 Role assigned to the user account
brcd-AV-Pair1             The Admin Domain or Virtual Fabric member list, and chassis role
brcd-AV-Pair2             The Admin Domain or Virtual Fabric member list, and chassis role
brcd-passwd-expiryDate    The date on which the password expires
brcd-passwd-warnPeriod    The time before expiration for the user to receive a warning message
