[tac_plus] tac_plus authorization capability
Alan McKinnon
alan.mckinnon at gmail.com
Fri Jul 26 06:08:35 UTC 2013
On 26/07/2013 03:18, Musa Aydın wrote:
> Hi ,
>
> i set up a tac_plus and i do basic configuration about authentication .
> yes it is working absolutely good. but while i want to use authorization
> process such as different privilege level of users it is not working
> properly. i search some kind of document about this feature but nothing. if
> is possible i misunderstand tac_plus authorization capability. if i set a
> custom privilege level . which side assign a custom commands network device
> or tac_plus server ? which one is working truely ?
>
> at tacacs+ server
> group = newbie {
> service =exec
> priv-lvl = 6
> default service = deny
> cmd = show { permit *}
> cmd = ping ( permit *}
>
> user = test
> { member = newbie}
>
> or
>
> at router
>
> privilege level 6 show...
> privileve leve 6 ping...
>
> Briefly, Can i use tac_plus for speciifc commands authorization by assign
> specific privilege level completely tac_plus side ?
Yes, but you must tell the router to use it with the
"aaa authorization"
configuration
The router doesn't automatically use the tacacs server for authorization
--
Alan McKinnon
alan.mckinnon at gmail.com
More information about the tac_plus
mailing list