...

The user authorization level can be specified with the priv-lvl parameter on the TACACS+ server, which is sent in the TACACS+ Authorization response. AmpCon maps the priv-lvl to one of four levels according to the local user level mapping configuration. The four levels are Readonly, Operator, Admin and Superadmin. You can find a sample configuration of the authorization level on the TACACS+ server in the second part of this page.

NOTE:

  • Users of “Superadmin” and “Admin” level can manage or delete the local users.
  • AmpCon will send the Authorization Request with “Arg [0]” service = AmpCon. On the TACACS+ server, the value of parameter “service=AmpCon” should be used to set the processing of the authorization request as needed specifically for AmpCon users.

...

Step 3  If you want to disable the TACACS+ authentication and authorization function, set the “Enable” parameter to "OFF". This reverts AmpCon login to use only the local users configured in the database.

Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus)

Here is a sample configuration of the authorization level on the TACACS+ server.

user = leontest {
        global = cleartext "abc"
        service = AmpCon {
                default attribute = permit
                priv-lvl = 15
        }
}
 
user = automation1 {
        global = cleartext "automation"
        service = AmpCon {
                default attribute = permit
                priv-lvl = 10
        }
}

user = testtest {
        global = cleartext "testtest"
        service = AmpCon {
                default attribute = permit
                priv-lvl = 5
        }
} 

user = testpica8 {
        global = cleartext "testpica8"
        service = AmpCon {
                default attribute = permit
                priv-lvl = 1
        }
}
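
An added example, not part of the AmpCon documentation: a small Python check to run over a tac_plus configuration like the sample above before deploying it. It reports each user's priv-lvl under service = AmpCon and flags cleartext passwords, users with no AmpCon priv-lvl, and values outside the TACACS+ range 0-15. The function name audit and the users in SAMPLE are assumptions made for this example.

```python
import re

# Constructed sample in the tac_plus syntax shown on this page (not a real deployment).
SAMPLE = """
user = alice {
        global = cleartext "example-only"
        service = AmpCon {
                priv-lvl = 15
        }
}
user = bob {
        login = des CONSTRUCTEDHASH
        service = AmpCon {
                priv-lvl = 42
        }
}
user = carol {
        login = des CONSTRUCTEDHASH
}
"""

USER_RE = re.compile(r"^\s*user\s*=\s*(\S+)\s*\{")
SERVICE_RE = re.compile(r"^\s*service\s*=\s*(\S+)\s*\{")
PRIV_RE = re.compile(r"^\s*priv-lvl\s*=\s*(\d+)")
CLEAR_RE = re.compile(r"^\s*\w+\s*=\s*cleartext\b")

def audit(config, service="AmpCon"):
    """Return {user: [priv_lvl or None, [findings]]} for each user block."""
    report, user, svc, depth = {}, None, None, 0
    for line in config.splitlines():
        if m := USER_RE.match(line):
            user, svc = m.group(1), None
            report[user] = [None, []]
        elif user and (m := SERVICE_RE.match(line)):
            svc = m.group(1)
        elif user and CLEAR_RE.match(line):
            report[user][1].append("password stored in cleartext")
        elif user and svc == service and (m := PRIV_RE.match(line)):
            report[user][0] = int(m.group(1))
        depth += line.count("{") - line.count("}")
        svc = svc if depth >= 2 else None    # left the service block
        user = user if depth >= 1 else None  # left the user block
    for lvl, notes in report.values():
        if lvl is None:
            notes.append(f"no priv-lvl under service = {service}")
        elif not 0 <= lvl <= 15:
            notes.append(f"priv-lvl {lvl} outside 0-15")
    return report
```

Calling audit() on the text of the real configuration file returns the same structure, so the per-user levels can be reviewed against the local user level mapping configured in AmpCon.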