=== TACACS+ users ===

In the TACACS+ user tab, it is possible to define a TACACS+ server for user management. TACACS+ users are only an addition to the locally defined users. Locally defined users take precedence over TACACS+ users. If both TACACS+ and LDAP are configured, LDAP will be queried first.

The '''Authorization service name''' defines the TACACS+ service (defined on the TACACS+ server) which is queried in the authorization request.

The '''Authorization group key''' defines the attribute of the attribute-value pair (AVP) returned in response to the authorization request, which lists the groups of the user. These groups (as defined in the TACACS+ server) can be mapped to roles as defined by the Allegro Network Multimeter.
==== Example ====

Let's assume the TACACS+ server is configured to have a service '<nowiki/>''allegro''<nowiki/>'. For this service, it returns the groups of the user as attribute '<nowiki/>''groups''<nowiki/>'. The user groups defined on the TACACS+ server have the names '<nowiki/>''allegro-admins''<nowiki/>', '<nowiki/>''allegro-users''<nowiki/>' or '<nowiki/>''allegro-replay''<nowiki/>'.

This would require the following settings on the Allegro Network Multimeter:

 Authorization service name : allegro
 Authorization group key : groups
 Group mapping :
   admin : allegro-admins
   user : allegro-users
   replay-user : allegro-replay
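
As an added illustration (not part of the original page and not the Allegro Network Multimeter's own code), this Python sketch resolves roles from the arguments of a TACACS+ authorization reply using the example mapping above. It assumes the group attribute holds names separated by commas or whitespace; the function names and sample replies are hypothetical.

```python
import re

# Group mapping from the example above: Allegro role -> TACACS+ group.
GROUP_MAPPING = {
    "admin": "allegro-admins",
    "user": "allegro-users",
    "replay-user": "allegro-replay",
}


def parse_avps(args):
    """Split TACACS+ argument strings into {attribute: value}.

    RFC 8907 separates attribute and value with '=' (mandatory)
    or '*' (optional); whichever comes first is the separator.
    """
    avps = {}
    for arg in args:
        m = re.match(r"([^=*]+)([=*])(.*)", arg, re.DOTALL)
        if m:
            avps[m.group(1)] = m.group(3)
    return avps


def roles_for_reply(args, group_key="groups", mapping=GROUP_MAPPING):
    """Return the sorted roles granted by an authorization reply.

    Assumption: the group attribute lists names separated by commas
    and/or whitespace. Group names must match exactly; a missing
    attribute or an unmapped group grants no role.
    """
    value = parse_avps(args).get(group_key, "")
    groups = {g for g in re.split(r"[,\s]+", value) if g}
    return sorted(role for role, group in mapping.items() if group in groups)


# Constructed sample replies, not captured traffic.
SAMPLE_ADMIN = ["groups=allegro-admins,netops"]
SAMPLE_OTHER = ["groups*helpdesk"]
SAMPLE_NOKEY = ["priv-lvl=15"]

if __name__ == "__main__":
    for reply in (SAMPLE_ADMIN, SAMPLE_OTHER, SAMPLE_NOKEY):
        print(reply, "->", roles_for_reply(reply))
```

A reply whose groups match nothing in the mapping yields an empty role list, which is the case to check when a TACACS+ user can authenticate but should not receive any role.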