In order to support TACACS+ groups in LiveWire RBAC, the user must manually modify their TACACS+ group configuration. For each group block in the TACACS+ configuration file, the user must add a “livewire” service block with a “livewire-group” attribute containing the name of the group as its value.
The TACACS+ configuration file is typically at /etc/tacacs+/tac_plus.conf.
For example, let’s take the following snippet from a TACACS+ configuration file: Add TACACS+ groups to LiveWire RBAC.
This snippet has a user named “tadmin” and puts that user in the “admin” group.
In order to make the “admin” group work with LiveWire RBAC, the user will need to add the “livewire” service block with a “livewire-group” attribute containing the name of the group as its value. For example:
A “livewire” service block was added with a “livewire-group” attribute containing the value “admin”, which is the name of the group. Now in LiveWire RBAC, the “tadmin” user is associated with the TACACS+ group “admin”.