User's guide
Miscellaneous Procedures
Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers
• Add the raccess service to each user's configuration and define the
group_name to which each user belongs. To give a user administrative
access, set group_name = admin.
Configuring a TACACS+ Authentication Server on the Command Line
The following list describes the values that must be set when configuring a
TACACS+ authentication server.
• authhost1: IP address of the TACACS+ authentication server. A second
TACACS+ authentication server can be configured with the parameter
authhost2.
• accthost1: IP address of a TACACS+ accounting server, which can be
used to track how long users are connected after being authorized by the
authentication server. Its use is optional. If this parameter is not defined,
accounting is not performed. If the same server is used for
authentication and accounting, both parameters must be defined with the
same address. A second TACACS+ accounting server can be configured
with the parameter accthost2.
• secret: The shared secret (password) necessary for communication between
the OnSite and the TACACS+ servers.
• encrypt: The default is 1, which enables encryption. 0 disables
encryption.
• service: The service to be enabled, in this case: “raccess.”
• protocol: The default is lcp (line control protocol). Specify another
value if required.
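The parameters above can be checked before they are put into service. The following Python check is an added example, not part of the guide: it assumes the client settings are stored as key=value lines (the layout and the sample values are constructed) and reports a missing or malformed server address, absent accounting, an empty shared secret, disabled encryption and a service other than raccess.

```python
import ipaddress

# Constructed sample; the key=value layout is an assumption, not taken from the guide.
SAMPLE = """\
authhost1=192.0.2.10
accthost1=192.0.2.10
secret=
encrypt=0
service=raccess
protocol=lcp
"""

def parse(text):
    """Return {key: value} from key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return a list of findings for the parameters listed in the guide."""
    findings = []
    if "authhost1" not in conf:
        findings.append("authhost1 missing: no authentication server defined")
    for key in ("authhost1", "authhost2", "accthost1", "accthost2"):
        if key in conf:
            try:
                ipaddress.ip_address(conf[key])
            except ValueError:
                findings.append(f"{key} is not an IP address: {conf[key]!r}")
    if not any(k in conf for k in ("accthost1", "accthost2")):
        findings.append("no accthost defined: accounting is not performed")
    if not conf.get("secret"):
        findings.append("secret empty or missing")
    if conf.get("encrypt", "1") != "1":  # the guide gives 1 as the default
        findings.append("encrypt is not 1: encryption is disabled")
    if conf.get("service") != "raccess":
        findings.append("service is not raccess")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```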
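A user entry on the TACACS+ server that adds the raccess service and defines
group_name has the following form:

    user = username {
        global = cleartext "group password"
        service = raccess {
            group_name = groupname;
        }
    }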