For TACACS+ authenticators, set the following in the Additional Properties section:

Field | Description |
---|---|
TCP Port | Enter the TCP port number. TACACS+ uses TCP as the communication protocol between the client and server. The default setting is 49. |
Authentication Type | Select Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). |
Shared Secret | Enter the shared secret used to encrypt and decrypt packets between the client and the server. |
Group Attribute | Enter the special attribute used for the custom service in the TACACS+ server. This attribute is used to get the value (group name) defined in the TACACS+ server. |
Timeout (seconds) | Optional. Specify the value in seconds to override the timeout setting used for authentication requests sent to the TACACS+ server. If no value is specified, the default value is 2 seconds. The minimum value is 1 second and the maximum value is 60 seconds. |
Attribute-Value pairs | Specify the attribute-value pairs defined for the custom service in the TACACS+ server, such as "service:ppp" or "protocol:ip". The attribute-value pairs are used to identify the custom service and retrieve the group name using the group attribute defined in the custom service. |

Note: After the attribute-value pair is verified against the attribute and value for the service account, the TACACS+ server returns the group attribute, which is used to get the group name. Address Manager now allows the user to log in and adds the user to the group that matches the group attribute returned by the TACACS+ server.
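
To show what the Shared Secret and the PAP Authentication Type do on the wire, the following added example (not Address Manager code) builds a TACACS+ authentication START packet and applies the body obfuscation defined in RFC 8907 section 4.5. The function names, user name, password, secret and session ID are constructed for illustration.

```python
import hashlib
import struct

TAC_PLUS_AUTHEN = 0x01   # packet type: authentication
VERSION_PAP = 0xC1       # major version 0xC, minor version 1 (used for PAP/CHAP)

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5: chain MD5 digests until the pad covers the body."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; applying it again with the same key restores it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def pap_start_body(user, password, port=b"", rem_addr=b""):
    """START body: action=LOGIN(1), priv_lvl=0, authen_type=PAP(2), service=LOGIN(1)."""
    fixed = struct.pack("!8B", 1, 0, 2, 1,
                        len(user), len(port), len(rem_addr), len(password))
    return fixed + user + port + rem_addr + password  # PAP carries the password as data

def build_packet(body, session_id, key, seq_no=1):
    """12-byte clear header (flags=0 means the body is obfuscated) plus the body."""
    header = struct.pack("!BBBBII", VERSION_PAP, TAC_PLUS_AUTHEN, seq_no, 0,
                         session_id, len(body))
    return header + obfuscate(body, session_id, key, VERSION_PAP, seq_no)

def read_body(packet, key):
    """Server side: parse the clear header, then de-obfuscate with its own secret."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:12])
    return obfuscate(packet[12:12 + length], session_id, key, version, seq_no)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret = b"constructed-shared-secret"
    body = pap_start_body(b"alice", b"constructed-password")
    packet = build_packet(body, session_id=0x1A2B3C4D, key=secret)
    print("header (clear):", packet[:12].hex())
    print("right secret  :", read_body(packet, secret) == body)
    print("wrong secret  :", read_body(packet, b"another-secret") == body)
```

RFC 8907 calls this mechanism data obfuscation, and the 12-byte header, including the session ID and body length, always travels in the clear.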