...
TACACS+ (Terminal Access Controller Access-Control System Plus) is a security protocol that extends the original TACACS protocol. It uses a client/server model in which the network access server (NAS, here AmpCon acting as the TACACS+ client) exchanges messages with the TACACS+ server to perform authentication, authorization and accounting (AAA) for users.
...
The user's authorization level is set with the priv-lvl attribute on the TACACS+ server, which is returned in the TACACS+ Authorization response. AmpCon maps the received priv-lvl to one of four local levels (Readonly, Operator, Admin and Superadmin) according to the local user level mapping configuration. A sample TACACS+ server configuration of authorization levels is given in the second part of this page.
NOTE:
- Users at the Superadmin and Admin levels can manage or delete the local users.
- AmpCon sends the Authorization Request with Arg[0] set to service=AmpCon. On the TACACS+ server, match on service=AmpCon to apply the authorization handling (including the priv-lvl) that is specific to AmpCon users.
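The exchange described in the note above, as an added example that is not AmpCon's or tac_plus's code: it builds the RFC 8907 authorization REQUEST body with Arg[0] = service=AmpCon, parses a REPLY body, and maps the returned priv-lvl to one of the four levels. The priv-lvl thresholds (15, 10, 5, 1), the port and remote-address strings, and the sample replies are constructed assumptions; the real mapping comes from AmpCon's local user level configuration. Anything other than a PASS status with a well-formed priv-lvl between 1 and 15 fails closed.

```python
"""Build/parse TACACS+ authorization bodies (RFC 8907, section 6) and map the
returned priv-lvl to an AmpCon local level. Example code, not product code."""
import struct

# RFC 8907 constants used in the authorization exchange
AUTHEN_METH_TACACSPLUS = 0x06
AUTHEN_TYPE_ASCII = 0x01
AUTHEN_SVC_LOGIN = 0x01
AUTHOR_STATUS_PASS_ADD = 0x01
AUTHOR_STATUS_PASS_REPL = 0x02
AUTHOR_STATUS_FAIL = 0x10
AUTHOR_STATUS_ERROR = 0x11

# Assumed priv-lvl thresholds for the four AmpCon levels (illustrative only;
# AmpCon's own mapping is set in its local user level configuration).
LEVEL_THRESHOLDS = [(15, "Superadmin"), (10, "Admin"), (5, "Operator"), (1, "Readonly")]


def build_author_request(user, service="AmpCon", port="https", rem_addr="192.0.2.10"):
    """Authorization REQUEST body whose Arg[0] is 'service=<service>'."""
    user_b, port_b, rem_b = user.encode(), port.encode(), rem_addr.encode()
    args = [f"service={service}".encode()]
    # authen_method, priv_lvl, authen_type, authen_service, user_len, port_len, rem_addr_len, arg_cnt
    fixed = struct.pack("!8B", AUTHEN_METH_TACACSPLUS, 0, AUTHEN_TYPE_ASCII, AUTHEN_SVC_LOGIN,
                        len(user_b), len(port_b), len(rem_b), len(args))
    return fixed + bytes(len(a) for a in args) + user_b + port_b + rem_b + b"".join(args)


def build_author_reply(status, args=(), server_msg=b"", data=b""):
    """Authorization REPLY body as a server would return it (constructed sample)."""
    args = [a.encode() for a in args]
    # status, arg_cnt, server_msg_len, data_len, then arg lengths, msg, data, args
    fixed = struct.pack("!BBHH", status, len(args), len(server_msg), len(data))
    return fixed + bytes(len(a) for a in args) + server_msg + data + b"".join(args)


def parse_author_reply(body):
    """Return (status, server_msg, {attr: (value, mandatory)}) from a REPLY body."""
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    off = 6
    arg_lens = list(body[off:off + arg_cnt])
    off += arg_cnt
    server_msg = body[off:off + msg_len]
    off += msg_len + data_len  # 'data' carries nothing for authorization
    attrs = {}
    for n in arg_lens:
        raw = body[off:off + n].decode("ascii", "replace")
        off += n
        # RFC 8907: '=' marks a mandatory AV pair, '*' an optional one
        sep = min((i for i in (raw.find("="), raw.find("*")) if i >= 0), default=None)
        if sep is None:
            continue
        attrs[raw[:sep]] = (raw[sep + 1:], raw[sep] == "=")
    if off != len(body):
        raise ValueError("trailing bytes in authorization reply")
    return status, server_msg, attrs


def level_from_reply(body):
    """Map the server's priv-lvl to an AmpCon level; anything odd fails closed (None)."""
    status, _msg, attrs = parse_author_reply(body)
    if status not in (AUTHOR_STATUS_PASS_ADD, AUTHOR_STATUS_PASS_REPL):
        return None
    if "priv-lvl" not in attrs:
        return None  # a PASS without priv-lvl grants nothing
    value, _mandatory = attrs["priv-lvl"]
    try:
        lvl = int(value)
    except ValueError:
        return None
    if not 0 <= lvl <= 15:
        return None
    for threshold, name in LEVEL_THRESHOLDS:
        if lvl >= threshold:
            return name
    return None  # priv-lvl 0: no AmpCon access
```

The bodies above are what sits inside the TACACS+ packet after the 12-byte header; the header, the session obfuscation with the shared key, and the transport are omitted so the attribute handling stays visible. Treating a missing, malformed or out-of-range priv-lvl as a denied login is the important design choice: a server that answers PASS without the attribute must not silently land the user in some default level.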
...
Step 3 To disable TACACS+ authentication and authorization, set the "Enable" parameter to "OFF". AmpCon login then falls back to the local users configured in its database.
Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus)
Here is a sample configuration of authorization levels on the TACACS+ server. Each user carries a service = AmpCon stanza, which is the block the server applies when AmpCon sends service=AmpCon in its Authorization Request; the priv-lvl in that stanza is what AmpCon maps to a local level.

```
user = leontest {
    global = cleartext "abc"
    service = AmpCon {
        default attribute = permit
        priv-lvl = 15
    }
}

user = automation1 {
    global = cleartext "automation"
    service = AmpCon {
        default attribute = permit
        priv-lvl = 10
    }
}

user = testtest {
    global = cleartext "testtest"
    service = AmpCon {
        default attribute = permit
        priv-lvl = 5
    }
}

user = testpica8 {
    global = cleartext "testpica8"
    service = AmpCon {
        default attribute = permit
        priv-lvl = 1
    }
}
```

The passwords are stored as cleartext here for test purposes only; a production tac_plus configuration should use a hashed password form supported by the server build (for example des), and the server's shared key (key = "...") must match the one configured on the AmpCon side.