In the router, you need to configure AAA authentication so that the router can query the TACACS server for authentication data. As you might know, AAA stands for Authentication, Authorization, and Accounting. You should be able to do Authentication (who is allowed to log in), Authorization (what a user can do once logged in) and Accounting (what the user has done during the login session).
Here is the sample configuration in the Cisco router:
aaa new-model
aaa authentication login default tacacs local
This configuration means that a user's login session is authenticated first by TACACS. If TACACS fails, it is authenticated against the local user account. Remember the username password command that you used when configuring PPP authentication.
After that you need to specify the tacacs servers:
tacacs-server host 10.6.101.101
tacacs-server key cisco
In the Linux server where the TACACS service is running, you need to look for the TACACS configuration file. Normally it is located in /etc/tac_plus (for tacacs+).
Sample configuration:
# This creates a superuser (such as one with administrator permissions)
# who is granted all privileges by "default service = permit", and has a password
# that allows for connections in any mode.
user = Russ {
    global = cleartext 'bar'
    default service = permit
}
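The check below is an added example, not part of the original post and not Cisco or tac_plus tooling. It audits the router and tac_plus samples above for the settings that matter to a reviewer: method-list order, local fallback, a shared key, cleartext passwords and permit-all users. The function names audit_router and audit_tacplus are hypothetical, and the inputs are constructed copies of the page's samples.

```python
import re

# Constructed sample inputs mirroring the configurations shown on this page.
ROUTER_CFG = """\
aaa new-model
aaa authentication login default tacacs local
tacacs-server host 10.6.101.101
tacacs-server key cisco
"""

TACPLUS_CFG = """\
user = Russ {
    global = cleartext 'bar'
    default service = permit
}
"""

def audit_router(cfg):
    """Return findings for the AAA login method list and TACACS server lines."""
    findings = []
    lines = [l.strip() for l in cfg.splitlines() if l.strip()]
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: method lists are not active")
    m = re.search(r"^aaa authentication login default (.+)$", cfg, re.M)
    methods = m.group(1).split() if m else []
    if not methods:
        findings.append("no default login method list")
    elif methods[-1] != "local":
        findings.append("no local fallback: TACACS outage locks out logins")
    has_host = any(l.startswith("tacacs-server host") for l in lines)
    has_key = any(l.startswith("tacacs-server key") for l in lines)
    if has_host and not has_key:
        findings.append("tacacs-server host defined without a shared key")
    return findings

def audit_tacplus(cfg):
    """Return (user, finding) pairs for risky settings in tac_plus user blocks."""
    # Assumption: flat user blocks as in the sample; nested braces are not parsed.
    findings = []
    for user, body in re.findall(r"user\s*=\s*(\S+)\s*\{(.*?)\}", cfg, re.S):
        if re.search(r"=\s*cleartext\b", body):
            findings.append((user, "password stored in cleartext"))
        if re.search(r"default\s+service\s*=\s*permit", body):
            findings.append((user, "default service = permit grants all services"))
    return findings

if __name__ == "__main__":
    print(audit_router(ROUTER_CFG))
    print(audit_tacplus(TACPLUS_CFG))
```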