Edit Tacacs User: change the configuration of a tacacs user inside the tacacs gui



Edit User Tabs

General Tab

Table Fields Overview
Field Description

It will be used for authentication, and you can change it later.

(Required!) The unique user name. You can also switch the new user with the (if you see that, the user will be disabled) or (if you see that, the user will be enabled) buttons. A disabled user is stored in the database but won’t appear in the main configuration.

Preconfigured values: e – enable; m – message

Every user can be a member of a predefined user group. If a user doesn’t have some settings, it will try to take them from the group.
(Required!) The main password of the new user. The password can be stored in clear text (0), as an md5 hash (1) or inside the local database (3). If you choose md5 hashing, don’t forget to select whether the system should hash the text that you enter or whether you are entering a hash (“Encrypt the login password (hashing), uncheck it if you put hash”). If you use the local database, you can set the change-password parameter for that user (it must also be set globally).
Enable password for that user. The enable password can be stored in clear text (0), as an md5 hash (1) or as a clone of the login password (4).

Message Tab

The message that will appear after the user logs in.

More info about special characters you can find here.

Access Rules Tab

Table Fields Overview
Field Description

Default 15; if Undefined, it will not appear in the configuration.

Privilege level settings

select ACL

Here you can set a pre-configured tacacs Access Control List (ACL) to restrict access for specific IP addresses. How to add new tacacs ACL?

select service

Here you can define a service for the new user. A service is used to restrict access inside the device (after log in); it is a part of authorization. Every vendor has its own parameters for service attributes. How to define new tacacs service?
If checked, the default service for that user will be permitted.
Date when the user's access begins. The user's access will be restricted before that date.
Date when the user's access ends. The user's access will be restricted after that date.

Restrict access so that it is allowed only from the specified IP address(es). The format is <ip address>/<prefix>.

A fast way to restrict access without an ACL: access is allowed only if the user has that IP address or is inside that network.

Restrict access so that it is allowed only to the specified NAS IP address(es). The format is <ip address>/<prefix>.

A fast way to restrict access without an ACL: the user is allowed access to that device or network only.

Extra Options Tab

Table Fields Overview
Field Description

Default is a clone of the login password; if empty, that option will not appear in the configuration.

Some devices require pap authentication, e.g. Nexus, PaloAlto and so on. The pap password can be stored in clear text (0), md5 hash (1) or as a clone of login password (4).

Default empty; if empty, that option will not appear in the configuration.

Chap authentication password. Can be stored only in clear text.

Default empty; if empty, that option will not appear in the configuration.

MS-chap authentication password. Can be stored only in clear text.

OTP Tab (One-Time Password)

Table Fields Overview
Field Description
If checked, that user can be authenticated only this way.
Unique secret key that is used to create the One-Time Password.

The period of generating OTP. By default, the period for a TOTP is 30 seconds.

By default the number of digits is 6; more than 10 may be difficult for the owner to use.

Number of digits in the One-Time Password.

If you don’t know what to choose, leave it as default (first value).

Hash algorithm.

The One-Time Password is generated with a special client. There are many different clients that can generate OTPs, e.g. Google Authenticator, which you can find in the App Store or in Google Play. But I don’t recommend using that client; my choice is OTP Auth (unfortunately only for iOS).
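
How the secret key, period, digits and hash algorithm fields combine into a code, as an added example following RFC 6238 (not TacacsGUI's own code). The function names are hypothetical, the secret is the RFC's published test key, and base32 encoding of the secret is an assumption.

```python
import base64
import hashlib
import hmac
import struct

# Hash choices defined for TOTP in RFC 6238.
ALGORITHMS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}

# Constructed sample secret: the RFC 4226/6238 published test key, not a real one.
# Assumption: the secret is exchanged base32-encoded, as authenticator apps expect.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, now, period=30, digits=6, algorithm="sha1"):
    """Return the code for Unix time `now` using the tab's four parameters."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(now) // period  # number of whole periods since the epoch
    mac = hmac.new(key, struct.pack(">Q", counter), ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, candidate, now, window=1, **params):
    """Accept codes from `window` periods either side of `now` (clock drift)."""
    period = params.get("period", 30)
    for step in range(-window, window + 1):
        moment = now + step * period
        if moment < 0:
            continue
        expected = totp(secret_b32, moment, **params)
        # Constant-time comparison avoids leaking matching digits via timing.
        if hmac.compare_digest(expected.encode(), candidate.encode()):
            return True
    return False


if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 59))            # defaults: 30 s, 6 digits, SHA-1
    print(totp(SAMPLE_SECRET, 59, digits=8))  # same counter, more digits
    print(verify(SAMPLE_SECRET, "287082", 89))
```

The client and the server must agree on all four values; a mismatch in period, digits or hash algorithm produces codes that never validate, even with the correct secret.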

SMS Tab

Table Fields Overview
Field Description
If checked, that user can be authenticated only this way.
Phone number that will receive SMS passwords.

Manual Tab

Here you can define manual settings for the new user. More info you can find here.


Don't Forget to Apply the configuration!

Changes will take effect only after configuration apply!

Author: Alexey Mochalin; Created at: 2018-11-01 22:39:44; Updated at: 2018-11-08 16:47:15