This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

TACACS+ with EXOS 16.2.5

TACACS+ with EXOS 16.2.5

Mike84
New Contributor

‎09-06-2023 07:33 AM

Good afternoon,

we have some Extreme Networks swtiches with EXOS running that we would like to authenticate against our TACACS+ Server (tac_plus on Linux). I set up the authentication on the switches with

configure tacacs primary server 192.168.224.69 49 client-ip 192.178.14.5 vr VR-Default
configure tacacs primary shared-secret encrypted ##REMOVED##
configure tacacs-accounting primary server 192.168.224.69 49 client-ip 192.178.14.5 vr VR-Default
configure tacacs-accounting primary shared-secret encrypted ##REMOVED##
enable tacacs
enable tacacs-accounting
enable tacacs-authorization

 

On the tac_plus Server I have

service = Extreme-XMC-Auth {
   set local-user-name=remote-su
}
service = ppp {
   set priv-lvl=15
   set shell:roles=sysadmin
}

 

We are able to login with the TACACS+ users but they are always recognized as exec level users.
The admin users (priv-lvl=15) are ignored by EXOS. Unfortunately I can not find the required attributes to fix this at the forum or the EXOS manuals.

Could anyone help me with this?

0 Kudos
2 REPLIES 2

OscarK
Extreme Employee

‎09-07-2023 05:34 AM

Maybe you need to add a command set permit all like mentioned in this article ?

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000078779

 

0 Kudos

Meganbond
New Contributor

‎09-07-2023 02:38 AM

Ensure your TACACS+ server provides the correct attributes that EXOS understands to elevate user permissions. On the TACACS+ server side, you might need to adjust the service or priv-lvl attributes for proper interpretation by EXOS. Consider reviewing the EXOS documentation or reaching out to Extreme Networks' support for specific TACACS+ attributes they use for privilege levels.

TellTims
0 Kudos
GTM-P2G8KFN