Tacacs Users. Add New Tacacs User
Section Content
Add New User Tabs
General Tab
General Tab
Table Fields Overview
| Feild | Description |
|---|---|
|
it will be used for authentication and you can change it later |
(Required!) The unique user name. Also you can switch the new user with (if you see that, the user will be disabled) or (if you see that, the user will be enabled) buttons. Disabled user will be stored in database, but won’t appear in the main configuration. |
|
Preconfigured values: e – enable; m – message |
Every user can be member of predefined user group. If user doesn’t have some settings it will try to take them from group. |
|
|
(Required!) The main password of the new user. The password can be stored in clear text (0), md5 hash (1) or inside of local database (3). In case of choosing md5 hashing don’t forget to select that the system should make hash from text that you put or you put hash (“Encrypt the login password (hashing), uncheck it if you put hash”). In case of using local database you can set parameter of change password for that user (also it must be set globally). |
|
|
Enable password for that user. The enable password can be stored in clear text (0), md5 hash (1) or as a clone of login password (4). |
Message Tab
Message Tab
The message that will appeared after user log in.
More info about special characters you can find here.
Access Rules Tab
Access Tab
Table Fields Overview
| Field | Description |
|---|---|
|
default 15, if Undefined it will not appeared in configuration |
Privilege level settings |
|
select ACL |
Here you can set pre-configured tacacs Access Control List (ACL), to restrict access for specific ip addresses. How to add new tacacs ACL? |
|
select service |
Here you can define service for the new user. Service used for restrict access inside the device, it is a part of authorization. You can restrict access inside of device (after log in) with service. Every vendor has your own parameters of service attributes. How to define new tacacs service? |
| If checked the default service for that user will permited. | |
|
|
Date of the user access begin. The user access will be restricted before that date. |
|
|
Date of the user access end. The user access will be restricted after that date. |
|
restrict access, only from specified ip address(es). It should be in sort of <ip address>/<prefix> |
Fast way to restrict access without acl, only if user will be with that ip address or inside that network access will be allowed. |
|
restrict access, only to specified NAS ip address(es). It should be in sort of <ip address>/<prefix> |
Fast way to restrict access without acl, allow user access to device or network only. |
Extra Options Tab
Extra Options Tab
Table Fields Overview
| Field | Description |
|---|---|
|
default login clone, if empty that option will not appeared in configuration |
Some devices require pap authentication, e.g. Nexus, PaloAlto and so on. The pap password can be stored in clear text (0), md5 hash (1) or as a clone of login password (4). |
|
default empty, if empty that option will not appeared in configuration |
Chap authentication password. Can be stored only in clear text. |
|
default empty, if empty that option will not appeared in configuration |
MS-chap authentication password. Can be stored only in clear text. |
OTP Tab (One-Time Password)
OTP Tab
Info!
That tab available only when you edit user.
SMS Tab
SMS Tab
Info!
That tab available only when you edit user.
Manual Tab
Manual Tab
Here you can define manual settings for new user. More info you can find here.
Don't Forget to Apply the configuration!
Changes will take effect only after configuration apply!