
Configuring the tacacs+ server on linux, The tac_plus.cfg file – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual


provide lists of Admin Domains or Virtual Fabrics to which the user should have access. For details, refer to The tac_plus.cfg file on page 167.

On the Brocade switch, use the aaaConfig command to configure the switch to use TACACS+ for
authentication. The aaaConfig command also allows you to specify up to five TACACS+ servers. When
a list of servers is configured, failover from one server to another server happens only if a TACACS+
server fails to respond. It does not happen when user authentication fails.

Failover to another TACACS+ server is achieved by means of a timeout. You can configure a timeout
value for each TACACS+ server, so that the next server can be used in case the first server is
unreachable. The default timeout value is 5 seconds.

Retry, the number of attempts to authenticate with a TACACS+ server, is also allowed. The default value
is 5 attempts. If authentication is rejected or times out, Fabric OS will try again. The retry value can also
be customized for each user.
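The failover rule described above, as an added Python model that is not from the guide: a server that never answers within its timeout is skipped after the configured retries, while a server that answers with a reject is final and never causes failover to the next server. The server list, timeouts, retry counts and the per-attempt responses are constructed, and the exact order in which Fabric OS retries is an assumption of the model.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

# Outcomes a TACACS+ server can produce for one authentication attempt.
ACCEPT, REJECT = "accept", "reject"
NO_RESPONSE = None  # the server did not answer within the timeout


@dataclass
class TacacsServer:
    name: str
    timeout: float                       # seconds waited per attempt (default 5)
    retry: int                           # attempts before giving up (default 5)
    # Constructed stand-in for the network round trip: given the attempt
    # number, returns ACCEPT, REJECT or NO_RESPONSE (assumption, not a real API).
    respond: Callable[[int], Optional[str]]


def authenticate(servers: List[TacacsServer]) -> dict:
    """Walk the configured server list the way the guide describes.

    Each server is tried up to `retry` times; a timeout or a reject is retried
    against the same server. If the server never answered at all, fail over to
    the next one. If it answered with a reject, that decision stands: a failed
    authentication never fails over, even if a later server would accept.
    """
    if len(servers) > 5:
        raise ValueError("aaaConfig accepts at most five TACACS+ servers")
    waited = 0.0  # total time a user would spend waiting on dead servers
    for srv in servers:
        answered = False
        for attempt in range(srv.retry):
            reply = srv.respond(attempt)
            if reply is NO_RESPONSE:
                waited += srv.timeout   # full timeout elapsed with no answer
                continue
            answered = True
            if reply == ACCEPT:
                return {"result": ACCEPT, "server": srv.name, "waited": waited}
            # REJECT: retry the same server; never move on because of a reject
        if answered:
            return {"result": REJECT, "server": srv.name, "waited": waited}
        # unreachable for every attempt -> fail over to the next server
    return {"result": NO_RESPONSE, "server": None, "waited": waited}
```

With the defaults (5 s timeout, 5 retries) a dead primary costs 25 s of waiting before the secondary is consulted, which is the figure to keep in mind when sizing the timeout for a multi-server list.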

Refer to Remote authentication configuration on the switch on page 169 for details about configuring the Brocade switch for authenticating users with a TACACS+ server.

Configuring the TACACS+ server on Linux

Fabric OS software supports TACACS+ authentication on a Linux server running the Open Source
TACACS+ LINUX package v4.0.4 from Cisco. To install and configure this software, perform the
following steps.

1. Download the TACACS+ software from http://www.cisco.com and install it.
2. Configure the TACACS+ server by editing the tac_plus.cfg file. Refer to The tac_plus.cfg file on page 167 for details.

3. Run the tac_plus daemon to start and enable the TACACS+ service on the server.

switch:admin> tac_plus -d 16 /usr/local/etc/mavis/sample/tac_plus.cfg

The tac_plus.cfg file

The TACACS+ server is configured in the tac_plus.cfg file. Open the file by using the editor of your
choice and customize the file as needed.

You must add users into this file and provide some attributes specific to the Brocade implementation.

Table 27 lists and defines attributes specific to Brocade.

TABLE 27  Brocade custom TACACS+ attributes

Attribute                  Purpose
brcd-role                  Role assigned to the user account
brcd-AV-Pair1              The Admin Domain or Virtual Fabric member list, and chassis role
brcd-AV-Pair2              The Admin Domain or Virtual Fabric member list, and chassis role
brcd-passwd-expiryDate     The date on which the password expires
brcd-passwd-warnPeriod     The time before expiration for the user to receive a warning message

Configuring the TACACS+ server on Linux

Fabric OS Administrators Guide

167

53-1003130-01