Required tacacs+ server settings, Setting up an ipv4-only tacacs+ server – HP Virtual Connect 4Gb Fibre Channel Module for c-Class BladeSystem User Manual
Virtual Connect users and roles 80
Required TACACS+ server settings
The following TACACS+ server settings must be configured on VC to enable TACACS+-based
authentication:
• Enable or disable flag
• TACACS+ server IP address
• Server port number: the default (well-known) TCP port for TACACS+ authentication is 49. Although the setting is described as an SSL port, TACACS+ does not run over SSL/TLS; the connection is plain TCP and the packet body is only obfuscated with an MD5 pseudo-pad derived from the shared secret, so the secret and the network path to the server need to be protected accordingly.
• Shared secret key: a plain-text key that must be configured identically on VC and on the server; the two copies must match exactly. The key can be 1 to 128 characters long. Because it is the only thing protecting the packet body (including user passwords) on the wire, treat it like a password and use a long, random value.
• Timeout: the number of seconds VC waits for a server response before it retries the request. The valid range is 1 to 65535 seconds.
Setting up an IPv4-only TACACS+ server
The following procedure provides an example of setting up a TACACS+ server on an external host running
Linux.
1. Download and install the latest version of the open-source Cisco TACACS+ server from the Shrubbery ftp site (ftp://ftp.shrubbery.net/pub/tac_plus).
2. Add the shared-secret key for VC, a list of users, their passwords and group memberships (groups can be nested), and the VCM roles to be authorized for each user or group to the server configuration file /etc/tac_plus.conf. For example:
# Shared secret for the VC client at 10.10.10.113; must match the key configured on VC
host = 10.10.10.113 {
    key = tac!@123
}
# User accounts
user = tacuser {
    # Cleartext password; tac_plus also accepts a crypt(3) hash via login = des "<hash>"
    login = cleartext "password"
    # Member of group "testgroup1"; the name must match a group defined below
    member = testgroup1
}
# Groups
group = testgroup1 {
    member = ALL_STAFF
    # Service under which VC role authorization is returned
    service = hp-vc-mgmt {
        # Authorize the "network" privilege
        autocmd = network
        # Authorize the "domain" privilege
        autocmd = domain
    }
}
group = testgroup2 {
    member = ALL_STAFF
    service = hp-vc-mgmt {
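Because VC authorization depends on the user resolving, through possibly nested group membership, to a group that carries the hp-vc-mgmt service, a misspelled or undefined group name silently leaves the user with no roles. The following added example (written for this page, not part of the manual or of tac_plus) parses a tac_plus.conf-style file, checks that every client host has a key of the length VC accepts, and reports the roles a user would receive together with any broken membership links. The sample configuration is constructed from the manual's example; the user is deliberately pointed at an undefined group so the checker has something to report.

```python
"""Added example (not from the HP manual): parse tac_plus.conf-style text and
resolve the VC roles a user would be authorized for under hp-vc-mgmt, following
nested group membership and reporting undefined groups and cycles."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample modelled on the manual's example. The user points at a
# group that is never defined, and testgroup1 inherits from a group that is
# also never defined, so the checker has something to report.
SAMPLE_CONF = """
# set the secret key for client
host = 10.10.10.113 {
    key = tac!@123
}
user = tacuser {
    login = cleartext "password"
    member = testgroup
}
group = testgroup1 {
    member = ALL_STAFF
    service = hp-vc-mgmt {
        autocmd = network
        autocmd = domain
    }
}
"""
# Same file with both membership problems corrected.
FIXED_CONF = SAMPLE_CONF.replace("member = testgroup\n", "member = testgroup1\n") + "group = ALL_STAFF {\n}\n"

TOKEN_RE = re.compile(r'"[^"]*"|[{}=]|\n|#[^\n]*|[^\s{}=]+')
# A block maps a statement name to a list of (values, child block or None).
Block = Dict[str, List[Tuple[List[str], Optional[dict]]]]


def tokenize(text: str) -> List[str]:
    """Quoted strings, braces, '=', newlines and bare words; comments are dropped."""
    return [t for t in TOKEN_RE.findall(text) if not t.startswith("#")]


def parse_block(tokens: List[str], i: int) -> Tuple[Block, int]:
    """Parse 'name = values [{ ... }]' statements until a closing brace or end of input."""
    block: Block = {}
    while i < len(tokens):
        tok = tokens[i]
        if tok == "\n":
            i += 1
            continue
        if tok == "}":
            return block, i + 1
        if tok in ("=", "{") or i + 1 >= len(tokens) or tokens[i + 1] != "=":
            raise ValueError(f"malformed statement near token {i}: {tok!r}")
        i += 2
        values: List[str] = []
        while i < len(tokens) and tokens[i] not in ("\n", "{", "}"):
            values.append(tokens[i].strip('"'))
            i += 1
        child = None
        if i < len(tokens) and tokens[i] == "{":
            child, i = parse_block(tokens, i + 1)
        block.setdefault(tok, []).append((values, child))
    return block, i


def parse_conf(text: str) -> Block:
    return parse_block(tokenize(text), 0)[0]


def check_host_keys(conf: Block) -> List[str]:
    """Every client host needs a shared secret; VC accepts 1 to 128 characters."""
    problems = []
    for vals, block in conf.get("host", []):
        keys = [k[0] for k, _ in (block or {}).get("key", []) if k]
        if not keys:
            problems.append(f"host {vals[0]}: no key configured")
        elif not 1 <= len(keys[0]) <= 128:
            problems.append(f"host {vals[0]}: key length {len(keys[0])} outside 1..128")
    return problems


def resolve_roles(conf: Block, username: str) -> Tuple[Set[str], List[str]]:
    """Return (roles, problems) for a user: hp-vc-mgmt autocmd values collected from
    the user block and every group reachable through 'member' links."""
    users = {vals[0]: child or {} for vals, child in conf.get("user", [])}
    groups = {vals[0]: child or {} for vals, child in conf.get("group", [])}
    roles: Set[str] = set()
    problems: List[str] = []
    if username not in users:
        return roles, [f"user '{username}' is not defined"]

    def walk(block: dict, owner: str, path: List[str]) -> None:
        for svc_vals, svc_block in block.get("service", []):
            if svc_vals == ["hp-vc-mgmt"] and svc_block:
                roles.update(v[0] for v, _ in svc_block.get("autocmd", []) if v)
        for vals, _ in block.get("member", []):
            parent = vals[0]
            if parent in path:
                problems.append(f"{owner}: membership cycle through '{parent}'")
            elif parent not in groups:
                problems.append(f"{owner}: member group '{parent}' is not defined")
            else:
                walk(groups[parent], parent, path + [parent])

    walk(users[username], username, [])
    return roles, problems


if __name__ == "__main__":
    for label, text in (("as written", SAMPLE_CONF), ("corrected", FIXED_CONF)):
        conf = parse_conf(text)
        roles, problems = resolve_roles(conf, "tacuser")
        print(f"{label}: roles={sorted(roles)} problems={problems + check_host_keys(conf)}")
```

Run against the sample as written, the checker reports that tacuser's group "testgroup" is not defined and returns no roles, which is exactly the state in which a login succeeds on the server but VC grants nothing; against the corrected file it returns the network and domain roles with no problems. Running a check like this before restarting tac_plus is cheaper than debugging an authorization failure from the VC side.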