Configuring per-User Configuration
How to Configure a AAA Server for Per-User Configuration
DC-686
Cisco IOS Dial Technologies Configuration Guide
Configuring a Freeware TACACS Server for Per-User Configuration
On a TACACS server, the entry in the user file takes a standard form. In the freeware version of
TACACS+, the following lines appear in order:
• “User =” followed by the username, a space, and an open brace
• Authentication parameters
• Authorization parameters
• One or more AV pairs
• End brace on a line by itself
The general form of a freeware TACACS user entry is shown in the following example:
user = username {
    authentication parameters go here
    authorization parameters go here
}
The freeware TACACS user entry form is also shown by the following examples for specific users:
user = Router1 {
    Password = cleartext welcome
    Service = PPP protocol = ip {
        ip:route=10.0.0.0 255.0.0.0
        ip:route=10.1.0.0 255.0.0.0
        ip:route=10.2.0.0 255.0.0.0
        ip:inacl#5=deny 10.5.0.1
    }
}
user = Router2 {
    Password = cleartext lab
    Service = PPP protocol = ip {
        ip:addr-pool=bbb
    }
}
For more requirements and detailed information, refer to your AAA server documentation.
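As an added illustration (not code from this guide or from the TACACS+ distribution), the following Python example parses user entries written in the general brace form described above, keeps the "#" inside AV pairs such as ip:inacl#5 intact, and lists the accounts whose password is stored in cleartext. The function names and the sample entries are constructed for this example, and the des value is a placeholder.

```python
import re

USER = re.compile(r"user\s*=\s*(\S+)\s*\{$", re.I)
PASSWORD = re.compile(r"password\s*=\s*(\w+)\s+(.+)$", re.I)
SERVICE = re.compile(r"service\s*=\s*(\w+)\s+protocol\s*=\s*(\w+)\s*\{$", re.I)
# Constructed sample in the general brace form; not taken from a real server.
SAMPLE = """\
user = Router1 {
    Password = cleartext welcome
    Service = PPP protocol = ip {
        ip:route=10.0.0.0 255.0.0.0
        ip:inacl#5=deny 10.5.0.1
    }
}
user = Router2 {
    Password = des "PLACEHOLDERHASH"
    Service = PPP protocol = ip {
        ip:addr-pool=bbb
    }
}
"""

def parse_users(text):
    """Map username -> {"password": (type, value), "avpairs": [(service, attr, value)]}."""
    users, user, service, depth = {}, None, None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Only whole-line comments are skipped: '#' is part of AV pairs such as ip:inacl#5.
        if not line or line.startswith("#"):
            continue
        if depth == 0 and (m := USER.match(line)):
            user, depth = users.setdefault(m[1], {"password": None, "avpairs": []}), 1
        elif depth and line == "}":
            depth -= 1
        elif depth == 1 and (m := PASSWORD.match(line)):
            user["password"] = (m[1].lower(), m[2].strip('"'))
        elif depth == 1 and (m := SERVICE.match(line)):
            service, depth = f"{m[1]}/{m[2]}".lower(), 2
        elif depth == 2 and "=" in line:
            attr, value = line.split("=", 1)
            user["avpairs"].append((service, attr.strip(), value.strip()))
        else:
            raise ValueError(f"line {n}: unexpected {line!r} at brace depth {depth}")
    if depth:
        raise ValueError("unbalanced braces: entry not closed")
    return users

def cleartext_users(users):
    """Usernames whose password is readable by anyone who can read the user file."""
    return sorted(n for n, u in users.items() if u["password"] and u["password"][0] == "cleartext")
```

Running `cleartext_users(parse_users(SAMPLE))` returns only Router1; an entry that omits the brace after the username, or is never closed, raises `ValueError` instead of being silently accepted.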
Configuring a CiscoSecure TACACS Server for Per-User Configuration
The format of an entry in the user file in the AAA database is generally name = value. Some values allow
additional subparameters to be specified and, in these cases, the subparameters are enclosed in braces
({}). The following simple example depicts an AAA database showing the default user, one group, two
users that belong to the group, and one user that does not:
# Sample AAA Database 1
unknown_user = {
    password = system   # Use the system's password file (/etc/passwd)
}
group = staff {
    # Password for staff who do not have their own.
    password = des "sefjkAlM7zybE"
    service = shell {
        # Allow any commands with any attributes.
        default cmd = permit
        default attribute = permit
    }