User authentication Terminal Access Controller Access-Control System Plus (TACACS+)
Digi Connect IT® 16/48 User Guide
5. Restart the TACACS+ server:
$ sudo /etc/init.d/tacacs_plus restart
TACACS+ server failover and fallback to local authentication
In addition to the primary TACACS+ server, you can also configure your Connect IT 16/48 device to use
backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the
primary TACACS+ server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your Connect IT 16/48 device to use multiple
types of authentication. For example, you can configure both TACACS+ authentication and local
authentication, so that local authentication is used as a fallback mechanism if the primary and
backup TACACS+ servers are unavailable. Additionally, users who are configured locally but are not
configured on the TACACS+ server are still able to log into the device.
Authentication methods are attempted in the order they are listed until the first successful
authentication result is returned. Therefore, to ensure that users are authenticated first through
the TACACS+ server, and authenticated locally only if the TACACS+ server is unavailable or the user
is not defined on the TACACS+ server, list the TACACS+ authentication method before the Local users
authentication method.
See User authentication methods for more information about authentication methods.
If the TACACS+ servers are unavailable and the Connect IT 16/48 device falls back to local
authentication, only users defined locally on the device are able to log in. TACACS+ users cannot log in
until the TACACS+ servers are brought back online.
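The ordering and fallback behaviour described above can be modelled in a few lines. This is an added example, not code from the Digi guide or firmware; the account data, the function names and the rule that an authoritative reject stops the chain are assumptions made for illustration.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = 1
    REJECT = 2       # a server answered: unknown user or wrong password
    UNAVAILABLE = 3  # no configured server could be reached

def tacacs_method(servers, authoritative=False):
    """servers: primary first, then backups; each is a constructed stand-in
    dict {'up': bool, 'users': {name: password}} for a real TACACS+ server."""
    def check(user, password):
        for srv in servers:
            if srv["up"]:  # model: first reachable server decides; backups are failover only
                ok = srv["users"].get(user) == password
                return Result.ACCEPT if ok else Result.REJECT
        return Result.UNAVAILABLE
    check.label, check.authoritative = "tacacs+", authoritative
    return check

def local_method(users):
    def check(user, password):
        return Result.ACCEPT if users.get(user) == password else Result.REJECT
    check.label, check.authoritative = "local", False
    return check

def authenticate(methods, user, password):
    """Try methods in listed order; return the label of the first that accepts."""
    for method in methods:
        result = method(user, password)
        if result is Result.ACCEPT:
            return method.label
        if result is Result.REJECT and method.authoritative:
            return None  # assumption: an authoritative reject stops the chain
    return None

# Constructed sample accounts (not from the guide).
TACACS_USERS = {"alice": "tacacs-pw"}
LOCAL_USERS = {"admin": "local-pw", "alice": "stale-local-pw"}

def chain(primary_up=True, backup_up=True, authoritative=False):
    servers = [{"up": primary_up, "users": TACACS_USERS},
               {"up": backup_up, "users": TACACS_USERS}]
    return [tacacs_method(servers, authoritative), local_method(LOCAL_USERS)]

if __name__ == "__main__":
    for kw in ({}, {"primary_up": False}, {"primary_up": False, "backup_up": False},
               {"authoritative": True}):
        for user, pw in (("alice", "tacacs-pw"), ("alice", "stale-local-pw"), ("admin", "local-pw")):
            print(kw, user, "->", authenticate(chain(**kw), user, pw))
```

In this model, a local account that shares a username with a TACACS+ user still accepts its local password while the servers are online, unless TACACS+ is treated as authoritative, so local accounts deserve the same review as the TACACS+ user list.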
Configure your Connect IT 16/48 device to use a TACACS+ server
This section describes how to configure a Connect IT 16/48 device to use a TACACS+ server for
authentication and authorization.
Required configuration items
- Define the TACACS+ server IP address or domain name.
- Define the TACACS+ server shared secret.
- The group attribute configured in the TACACS+ server configuration.
- The service field configured in the TACACS+ server configuration.
- Add TACACS+ as an authentication method for your Connect IT 16/48 device.
Additional configuration items
- Whether other user authentication methods should be used in addition to the TACACS+ server,
  or if the TACACS+ server should be considered the authoritative login method.
- The TACACS+ server port. The default is 49.
- Add additional TACACS+ servers in case the first TACACS+ server is unavailable.
WebUI