topic Re: TACACS+ with EXOS 16.2.5 in ExtremeSwitching (EXOS/Switch Engine)

TACACS+ with EXOS 16.2.5

Mike84 — Wed, 06 Sep 2023 14:33:26 GMT

Good afternoon,

we have some Extreme Networks swtiches with EXOS running that we would like to authenticate against our TACACS+ Server (tac_plus on Linux). I set up the authentication on the switches with

configure tacacs primary server 192.168.224.69 49 client-ip 192.178.14.5 vr VR-Default
configure tacacs primary shared-secret encrypted ##REMOVED##
configure tacacs-accounting primary server 192.168.224.69 49 client-ip 192.178.14.5 vr VR-Default
configure tacacs-accounting primary shared-secret encrypted ##REMOVED##
enable tacacs
enable tacacs-accounting
enable tacacs-authorization

On the tac_plus Server I have

service = Extreme-XMC-Auth {
set local-user-name=remote-su
}
service = ppp {
set priv-lvl=15
set shell:roles=sysadmin
}

We are able to login with the TACACS+ users but they are always recognized as exec level users.
The admin users (priv-lvl=15) are ignored by EXOS. Unfortunately I can not find the required attributes to fix this at the forum or the EXOS manuals.

Could anyone help me with this?

Re: TACACS+ with EXOS 16.2.5

Meganbond — Thu, 07 Sep 2023 09:38:43 GMT

Ensure your TACACS+ server provides the correct attributes that EXOS understands to elevate user permissions. On the TACACS+ server side, you might need to adjust the service or priv-lvl attributes for proper interpretation by EXOS. Consider reviewing the EXOS documentation or reaching out to Extreme Networks' support for specific TACACS+ attributes they use for privilege levels.

Re: TACACS+ with EXOS 16.2.5

OscarK — Thu, 07 Sep 2023 12:34:36 GMT

Maybe you need to add a command set permit all like mentioned in this article ?

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000078779