Casio ACS V6000 manual To configure a group in a TACACS+ authentication server

Chapter 3: Accessing a Virtual Console Server via the Web Manager

To configure a group in a TACACS+ authentication server:

1. On the server, add the raccess service to the user configuration.

2. Define which group(s) the user belongs to in the raccess service, following this syntax:

group_name = <Group1>[,<Group2,...,GroupN>];

For example:

In the virtual console server, configure a new authorization group TACACS_1, and configure the access rights for this group. In the TACACS+ server, configure the user regina with the following attribute:

raccess = group_name=TACACS_1

Then, configure the user special with the following attribute:

raccess = group_name=admin

During the authentication phase, the virtual console server will receive the attribute raccess from the TACACS+ server. The user regina belongs to the authorization group TACACS_1 and the user special belongs to the authorization group admin.

To configure a group in a RADIUS authentication server:

Define which group(s) the user belongs to in the attribute FRAMED_FILTER_ID with the following syntax:

[:group_name=]<acs6000_group1>[,<acs6000_group2>];

NOTE: The group names should be separated by a comma and end with a semi-colon.

NOTE: The virtual console server accepts multiple FRAMED_FILTER_ID attributes.

For example:

In the virtual console server, configure new authorization groups RADIUS_1 and RADIUS_2, and configure the access rights for these groups. In the RADIUS server, configure the user regina with the following attribute:

FramedFilterID = :group_name=RADIUS_1,RADIUS_2;

-or-

FramedFilterID = RADIUS_1,RADIUS_2;

-or-

FramedFilterID = RADIUS_1;

FramedFilterID += RADIUS_2;

Then, configure the user special with the following attribute:

FramedFilterID as group_name=admin
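
The following checker is an added example, not part of the manual or of the appliance software. It reads per-user FRAMED_FILTER_ID values strictly against the syntax line above, merges multiple attributes per user, and lists which users end up in the admin group. The names parse_filter_id and audit, the users alice and bob, and the allowed character set for group names are assumptions; how the appliance itself treats a malformed value is not stated on this page.

```python
import re

PREFIX = ":group_name="
# Assumed character set for group names; the manual does not define one.
NAME = re.compile(r"[A-Za-z0-9_-]+")

def parse_filter_id(value):
    """Return the groups in one value of the form [:group_name=]<g1>[,<g2>];"""
    v = value.strip()
    if not v.endswith(";"):
        raise ValueError("does not end with a semi-colon")
    v = v[:-1]
    if v.startswith(PREFIX):
        v = v[len(PREFIX):]
    groups = [g.strip() for g in v.split(",")]
    for g in groups:
        if not NAME.fullmatch(g):
            raise ValueError(f"bad group name {g!r}")
    return groups

def audit(users, privileged=("admin",)):
    """Merge each user's attributes; report syntax errors and privileged users."""
    membership, errors, flagged = {}, [], []
    for user, values in users.items():
        merged = []
        for value in values:          # multiple attributes are accepted
            try:
                parsed = parse_filter_id(value)
            except ValueError as exc:
                # A malformed value is rejected whole, never partially applied.
                errors.append((user, value, str(exc)))
                continue
            merged += [g for g in parsed if g not in merged]
        membership[user] = merged
        if any(g in privileged for g in merged):
            flagged.append(user)
    return membership, errors, flagged

# Constructed sample: attribute values as they would be set per user.
SAMPLE = {
    "regina": ["RADIUS_1;", "RADIUS_2;"],
    "special": [":group_name=admin;"],
    "alice": [":group_name=RADIUS_1,RADIUS_2"],   # missing semi-colon
    "bob": ["RADIUS_1,,admin;"],                  # empty group name
}

if __name__ == "__main__":
    membership, errors, flagged = audit(SAMPLE)
    print(membership, errors, flagged, sep="\n")
```

Running it over an export of the RADIUS user entries gives a quick review list of accounts that map to admin and of values that would not match the documented syntax.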
