From the Secure Shell service configuration page, you can configure TACACS+
authentication to allow users to authenticate against external TACACS+ servers to log in to
the DNS/DHCP Server.
Attention:
- Before you begin, BlueCat strongly recommends creating a "Break
Glass" account to ensure that the server can be accessed in case of accidental
misconfiguration.
- You must have an operating TACACS+ server in order to proceed with
configuring TACACS+ authentication.
To configure TACACS+ authentication on a DNS/DHCP Server:
- From the configuration drop-down menu, select a configuration.
- Select the Servers tab. Tabs remember the page you
  last worked on, so select the tab again to ensure you're on the
  Configuration information page.
- Under Servers, click the name of a BDDS. The Details tab
  for the server opens.
- Click the server name menu and select Service
  Configuration.
- From the Service Type drop-down menu, select Secure
  Shell (SSH). Address Manager queries the server and returns the current
  values for the service settings.
- Under TACACS, enter the following information:
  - Enable TACACS—select this check box to enable
    TACACS+ authentication; deselect this check box to disable TACACS+
    authentication.
  - Server—enter the hostname or IP address of the
    TACACS+ server that will be used for authentication.
  - Secret—enter the shared secret used to encrypt
    and decrypt packets between the client and the server.
- Within the Users table, enter the following
  information:
  - User Name—enter the name of the TACACS+
    user.
  - Member Of—enter the name of the TACACS+ group
    that the user is a member of.
  - Executables—enter the path to the commands that
    are granted to the TACACS+ user. You can enter multiple paths to
    commands as comma-separated values. For example:
    /sbin/ifup,/sbin/ifdown
  - Click Add to add the configured user
    permissions.

  You can use the Move Up, Move
  Down, and Remove buttons to modify the
  content and order of the list.
- Within the Groups table, enter the following
  information:
  - Group Name—enter the name of the TACACS+
    group.
  - Executables—enter the path to the commands that
    are granted to the TACACS+ group. You can enter multiple paths to
    commands as comma-separated values. For example:
    /sbin/ifup,/sbin/ifdown
  - Click Add to add the configured group
    permissions.

  You can use the Move Up, Move
  Down, and Remove buttons to modify the
  content and order of the list.
- Click Update.
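
The following pre-check for an Executables value, run before entering it in the Users or Groups table, is an added example and not BlueCat code. It assumes entries should be absolute, normalized paths with no spaces around the commas, and it uses a constructed list (`BROAD`) of shell and interpreter names that would grant far more than a single command; the function name and sample value are hypothetical.

```python
import posixpath

# Assumption: basenames that hand the user an unrestricted shell or
# interpreter, defeating per-command restriction. Constructed list; extend it.
BROAD = {"sh", "bash", "dash", "zsh", "su", "sudo", "env", "perl", "python", "python3"}

# Constructed sample, built around the page's /sbin/ifup,/sbin/ifdown example.
SAMPLE = "/sbin/ifup,/sbin/ifdown, /sbin/ip,ifconfig,/sbin/../bin/bash,/bin/bash,/sbin/ifup"


def check_executables(field):
    """Return (accepted_paths, problems) for a comma-separated Executables value."""
    accepted, problems = [], []
    for raw in field.split(","):
        path = raw.strip()
        if not path:
            problems.append((raw, "empty entry"))
        elif raw != path or any(c.isspace() for c in path):
            problems.append((raw, "contains whitespace"))
        elif not path.startswith("/") or path == "/":
            problems.append((raw, "not an absolute path to a file"))
        elif path.startswith("//") or posixpath.normpath(path) != path:
            # Catches "..", ".", repeated slashes and a trailing slash.
            problems.append((raw, "not normalized"))
        elif posixpath.basename(path) in BROAD:
            problems.append((raw, "shell or interpreter"))
        elif path in accepted:
            problems.append((raw, "duplicate"))
        else:
            accepted.append(path)
    return accepted, problems


if __name__ == "__main__":
    ok, bad = check_executables(SAMPLE)
    print("enter:", ",".join(ok))
    for raw, why in bad:
        print(f"reject {raw!r}: {why}")
```
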