Loading ...
Loading ...
Loading ...
166
9. Authentication
9.1.2 TACACS Authentication
Perform the following procedure to configure the TACACS+ authentication method used whenever the console server or any of
its serial ports or hosts is accessed:
• Select Serial and Network > Authentication and check TACAS, LocalTACACS, TACACSLocal or TACACSDownLocal.
• Enter the Server Address (IP or host name) of the remote authentication/authorization server. Multiple remote servers may
be specified in a comma-separated list. Each server is tried in succession.
• Session accounting is on by default. If session accounting information is not desired, check the Disable Accounting
checkbox. One reason often cited for not wanting session accounting is, if the authentication server does not respond to
accounting requests, the said request may introduce a delay when logging in.
• In addition to multiple remote servers, you can also enter separate lists of authentication/authorization servers and
accounting servers. If no Accounting servers are specified, the authentication/authorization servers are used.
• Enter and confirm the Server Password. Then select the method to be used to authenticate to the server (defaults to PAP).
To use DES encrypted passwords, select Login.
• If required, enter the TACACS Group Membership Attribute to be used to indicate group memberships (defaults to
groupname#n).
• If required, specify the TACACS Service used to authenticate. This determines which set of attributes are returned by the
server (defaults to raccess).
• If required, check Default Admin Privileges to give all TACAS+ authenticated users administrator privileges. Use Remote
Groups must also be checked for these privileges to be granted.
• The TACACS Privilege Level feature only applies to TACACS remote authentication. When Ignore Privilege Level is
enabled, the priv-lvl setting for all of the users defined on the TACACS AAA server will be ignored.
Note: A Tripp Lite device normally interprets a user with a TACACS priv-lvl of 12 or above as an administrator. There is a special case where
a user with a priv-lvl of 15 is also given access to all configured serial ports. When the Ignore Privilege Level option is enabled (checked in
the UI), there are no escalations of privileges based on the priv-lvl value from the TACACS server.
If the only thing configured for one or more TACACS users is priv-lvl (e.g., no specific port access or group memberships set), console
server access will be revoked for those users, as they will not be a member of any groups, even if the Retrieve Remote groups option in the
Authentication menu is enabled.
Loading ...
Loading ...
Loading ...