For TACACS+ authenticators, set the following values:
| Field | Description |
|---|---|
| Name | Enter a name for the authenticator. |
| Hostname | The Fully Qualified Domain Name or IP address for the authenticator. Attention: The Host field cannot contain underscore ( _ ) characters. If the FQDN of the host contains underscore characters, you must either enter the IP address of the host or modify the FQDN so that it does not contain underscore characters and enter the updated FQDN without underscore characters. |
| Port | Enter the TCP port number. TACACS+ uses TCP as the communication protocol between the client and server. The default setting is 49. |
| Authentication type | Select Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). |
| Shared secret | Enter the shared secret used to encrypt and decrypt packets between the client and the server. |
| Group attribute | Enter the special attribute used for the custom service in the TACACS+ server. This attribute is used to get the value (group name) defined in the TACACS+ server. |
| Timeout | Specify a value for the timeout setting used for authentication requests sent to the TACACS+ server. The minimum value is 1 second and the maximum value is 60 seconds. |
| Unit | The unit to use with the timeout value - either seconds, minutes, hours, or days. |
| Attribute / Value | Specify the attribute-value pairs defined for the custom service in the TACACS+ server, such as "service:ppp" or "protocol:ip". The attribute-value pairs are used to identify the custom service and retrieve the group name using the group attribute defined in the custom service. |

Note: After the attribute-value pair is verified against the attribute and value for the service account, the TACACS+ server returns the group attribute, which is used to get the group name. Address Manager then allows the user to log in and adds the user to the group that matches the group attribute returned by the TACACS+ server.
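
How the Shared secret field is used on the wire, as an added example that is not Address Manager code: RFC 8907 (section 4.5) specifies that a TACACS+ packet body is XORed with a pad built from chained MD5 hashes of the session ID, the shared secret, the version byte and the sequence number. The session ID, secret and body below are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Build the RFC 8907 pseudo-random pad, truncated to `length` bytes.

    MD5_1 = MD5(session_id || key || version || seq_no)
    MD5_n = MD5(session_id || key || version || seq_no || MD5_{n-1})
    """
    # session_id is 4 bytes in network byte order; version and seq_no are 1 byte each
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad. The same call reverses the operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

# Constructed sample values, not taken from any real deployment
SESSION_ID = 0x1A2B3C4D
SHARED_SECRET = b"example-shared-secret"
VERSION = 0xC1   # major version 0xC, minor version 1
SEQ_NO = 1       # first packet of the session
SAMPLE_BODY = b"constructed packet body longer than one MD5 block"

if __name__ == "__main__":
    wire = obfuscate(SAMPLE_BODY, SESSION_ID, SHARED_SECRET, VERSION, SEQ_NO)
    print("on the wire:", wire.hex())
    # The receiver recovers the body only if it holds the same shared secret
    print("same secret:", obfuscate(wire, SESSION_ID, SHARED_SECRET, VERSION, SEQ_NO))
    print("other secret:", obfuscate(wire, SESSION_ID, b"different", VERSION, SEQ_NO))
```

Because the pad depends only on header fields and the secret, the value entered in Address Manager must match the key configured on the TACACS+ server exactly; a mismatch yields an unreadable body.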