Tacacs+ Server Setting, Admin Setting?

  • 0
  • 1
  • Question
  • Updated 5 years ago
  • Answered
Create Date: Apr 17 2013 1:53PM

Hi,

we have a X670-48x with version 15.2.2.7 in the field.
We made our Authentication whit a tacacs-server, the settings a work fine.
But when we logged in the switch we dont have admin rights,
what we need for variabels send from the tacacs-server to the switch to give the
users admin rights. Or give it any other way to make the tacacs-user to an admin after there
is logged into the switch?

best regards
mp

(from mp)
Photo of EtherNation User

EtherNation User, Employee

  • 20,350 Points 20k badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,350 Points 20k badge 2x thumb
Create Date: Apr 18 2013 1:21PM

No one any idea?

(from mp)
Photo of EtherNation User

EtherNation User, Employee

  • 20,350 Points 20k badge 2x thumb
Create Date: Apr 29 2013 4:03PM

We have found the answer.

Give the Tacacs-User on the Tacacs-Server privileg 15, thats it.
Now all User from Tacacs-Server are Admins.

Now i have a new Problem, we want to create a single User (admin) were ist not authenticate over Tacacs, is this possible?

At the moment we can create a User on the switch but this users are not working so long the Tacacs is enable!?

best regards
mp

(from mp)
Photo of Nick M

Nick M

  • 60 Points
I am using TACACS+ Server for Windows by TACACS.net on the Extreme EXOS (BlackDiamond or 440 series switches). I was able to to get my server and switch to authenticate and when log in come up in enable mode.

Remember on the authoriztion.xml to add the follow:

    </UserGroups>
        <ClientGroups>
            <ClientGroup>EXTREME_EXOS</ClientGroup>
        </ClientGroups>
        <AutoExec>
            <Set>priv-lvl=15</Set>              <------------- this is what allows it to log in with enable.
        </AutoExec>
        <Shell>
            <Permit>.*</Permit>
        </Shell>
        <Services>
        </Services>



http://www.filedropper.com/authentication
http://www.filedropper.com/authorization
http://www.filedropper.com/clientstxt


This conversation is no longer open for comments or replies.