TACACS+ authentication - BlueCat Integrity - 9.4.0

Address Manager Administration Guide


From the Secure Shell service configuration page, you can configure TACACS+ authentication to allow users to authenticate against external TACACS+ servers to log in to the DNS/DHCP Server.

Attention:
  • Before you begin, BlueCat strongly recommends creating a "Break Glass" account to ensure that the server can still be accessed in case of an accidental misconfiguration.
  • You must have an operating TACACS+ server in order to proceed with configuring TACACS+ authentication.

To configure TACACS+ authentication on a DNS/DHCP Server:

  1. From the configuration drop-down menu, select a configuration.
  2. Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  3. Under Servers, click the name of a BDDS. The Details tab for the server opens.
  4. Click the server name menu and select Service Configuration.
  5. From the Service Type drop-down menu, select Secure Shell (SSH). Address Manager queries the server and returns the current values for the service settings.
  6. Under TACACS, enter the following information:
    • Enable TACACS—select this check box to enable TACACS+ authentication; deselect this check box to disable TACACS+ authentication.
    • Server—enter the hostname or IP address of the TACACS+ server that will be used for authentication.
    • Secret—enter the shared secret used to encrypt and decrypt packets between the client and the server.
  7. Within the Users table, enter the following information:
    • User Name—enter the name of the TACACS+ user.
    • Member Of—enter the name of the TACACS+ group that the user is a member of.
    • Executables—enter the path to the commands that are granted to the TACACS+ user. You can enter multiple command paths as comma-separated values. For example: /sbin/ifup,/sbin/ifdown
    • Click Add to add the configured user permissions.

    You can use Move Up, Move Down, and Remove to modify the content and order of the list.

  8. Within the Groups table, enter the following information:
    • Group Name—enter the name of the TACACS+ group.
    • Executables—enter the path to the commands that are granted to the TACACS+ group. You can enter multiple command paths as comma-separated values. For example: /sbin/ifup,/sbin/ifdown
    • Click Add to add the configured group permissions.

    You can use Move Up, Move Down, and Remove to modify the content and order of the list.

  9. Click Update.
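
A pre-entry check for the Executables values in steps 7 and 8, as an added example that is not part of the BlueCat guide or product: it splits the comma-separated value and reports entries that are not clean absolute paths. The SHELL_LIKE list, the function names, and the sample rows are assumptions made for illustration.

```python
import posixpath

# Assumption (not from the BlueCat guide): programs that give a user arbitrary
# command execution if they are granted as an "executable".
SHELL_LIKE = {"sh", "bash", "dash", "zsh", "python", "python3", "perl",
              "su", "sudo", "vi", "vim"}


def check_executables(value):
    """Split one Executables field; return (accepted_paths, problems)."""
    paths, problems = [], []
    for raw in value.split(","):
        if raw == "":
            problems.append("empty entry (stray or trailing comma)")
        elif any(c.isspace() for c in raw):
            problems.append(f"{raw!r}: contains whitespace")
        elif not raw.startswith("/"):
            problems.append(f"{raw!r}: not an absolute path")
        elif posixpath.normpath(raw) != raw:
            problems.append(f"{raw!r}: not normalized (.., ., // or trailing /)")
        elif any(c in raw for c in "*?["):
            problems.append(f"{raw!r}: wildcard character")
        elif raw in paths:
            problems.append(f"{raw!r}: duplicate")
        else:
            # Syntactically fine; still warn when the grant is effectively a shell.
            if posixpath.basename(raw) in SHELL_LIKE:
                problems.append(f"{raw!r}: shell or interpreter, not a single command")
            paths.append(raw)
    return paths, problems


# Constructed sample rows: (table, User Name or Group Name, Executables).
ROWS = [
    ("user", "netops1", "/sbin/ifup,/sbin/ifdown"),
    ("group", "helpdesk", "/sbin/ifup, /sbin/ifdown"),
    ("group", "admins", "/bin/bash,sbin/ifup,/usr/bin/../bin/sh,"),
]


def review(rows):
    """Return {(table, name): problems} for every row that needs attention."""
    found = {(t, n): check_executables(v)[1] for t, n, v in rows}
    return {key: probs for key, probs in found.items() if probs}


if __name__ == "__main__":
    for (table, name), problems in review(ROWS).items():
        for problem in problems:
            print(f"{table} {name}: {problem}")
```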