Setting up an ipv4 and ipv6 capable tacacs+ server – HP Virtual Connect 8Gb 20-port Fibre Channel Module for c-Class BladeSystem User Manual

Virtual Connect users and roles

    member = testgroup    <------- Member of group "testgroup"
}

# groups
group = testgroup1 {
    member = ALL_STAFF
    service = hp-vc-mgmt {    <------- Service for role-authorization
        autocmd = network     <------- Authorize privilege "network"
        autocmd = domain      <------- Authorize privilege "domain"
    }
}
group = testgroup2 {
    member = ALL_STAFF
    service = hp-vc-mgmt {
        autocmd = domain:network    <------- Colon-separated list of privileges
    }
}
group = ALL_STAFF {
}
# End config file

In this example, two different usages of autocmd= are shown:

• Separate lines used for each privilege, supported in VC 3.30 and higher

• Colon-separated privilege list, supported in VC 4.10 and higher

Configuration can differ from one TACACS+ server to another. For more information, see the TACACS+ server documentation during configuration.

The server logs can be accessed on the TACACS+ server at /var/log/tac_plus.log. The accounting log is available under /var/log/tac_plus.acct, which records all command logging requests.
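
An added example (not from the HP manual or the tac_plus project): a Python audit of a configuration in the syntax shown above. It resolves nested member = groups to each user's effective hp-vc-mgmt privileges and lists the groups whose colon-separated autocmd needs VC 4.10 or higher. It assumes privileges are inherited through group membership; the user bob, the group helpdesk and all function names are made up for the example.

```python
SAMPLE = """# Constructed sample in the page's syntax; bob and helpdesk are made-up names.
user = bob {
    member = helpdesk
}
group = helpdesk {
    member = testgroup2
    service = hp-vc-mgmt {
        autocmd = network
    }
}
group = testgroup2 {
    service = hp-vc-mgmt {
        autocmd = domain:network
    }
}
"""

def parse(text):
    """Return ({user: block}, {group: block}) from top-level user/group blocks."""
    out, stack = {"user": {}, "group": {}}, []
    for raw in text.splitlines():
        # Drop '#' comments and the manual's "<-------" annotation arrows.
        line = raw.split("#")[0].split("<---")[0].strip()
        key, _, val = (p.strip() for p in line.rstrip("{").partition("="))
        if line == "}":
            del stack[-1:]                      # tolerate a stray closing brace
        elif line.endswith("{"):
            stack.append((key, val))
            if key in out and len(stack) == 1:
                out[key][val] = {"member": [], "privs": set(), "colon": False}
        elif stack and stack[0][0] in out:
            block = out[stack[0][0]][stack[0][1]]
            if key == "member" and len(stack) == 1:
                block["member"].append(val)
            elif key == "autocmd" and stack[-1] == ("service", "hp-vc-mgmt"):
                block["privs"].update(val.split(":"))   # one privilege or a colon list
                block["colon"] |= ":" in val
    return out["user"], out["group"]

def effective(block, groups, seen=frozenset()):
    """Own privileges plus those of groups reached via member = (inheritance assumed)."""
    privs = set(block["privs"])
    for g in set(block["member"]) & (groups.keys() - seen):  # defined groups, no loops
        privs |= effective(groups[g], groups, seen | {g})
    return privs

def audit(text):
    """Return ({user: sorted privileges}, [groups using the colon list, VC 4.10+])."""
    users, groups = parse(text)
    return ({u: sorted(effective(b, groups)) for u, b in users.items()},
            sorted(g for g, b in groups.items() if b["colon"]))
```

On the sample, bob's own group grants only "network", but the audit reports "domain" as well because helpdesk is itself a member of testgroup2.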

Setting up an IPv4 and IPv6 capable TACACS+ server

The following procedure provides an example of setting up a TACACS+ server on an external host running
Linux.

1. Download and install the latest version of the TACACS+ server from the tac plus website (http://www.pro-bono-publico.de/projects/tac_plus.html).

2. Add the shared-secret key for VC, a list of users, their passwords and member groups (can be recursive) as shown in the example.

3. Specify the VCM roles to be authorized for each user or group by using the keyword autocmd in the server configuration file /etc/tac_plus.conf. Specify multiple privileges by using colon (:) separated values. For example, "domain" and "network" privileges can be specified using autocmd=domain:network.

The following is a sample configuration:

# set the secret key for client