Edit Tacacs User change configuration of tacacs user inside tacacs gui

Tacacs Users. Edit Tacacs User

---

• Edit Tacacs User Tabs

  • General Tab

  • Message Tab

  • Access Rules Tab

  • Extra Options Tab

  • OTP Tab (One-Time Password)

  • SMS Tab

  • Manual Tab

---

Feild	Description
Username Enabled it will be used for authentication and you can change it later	(Required!) The unique user name. Also you can switch the new user with Disabled (if you see that, the user will be disabled) or Enabled (if you see that, the user will be enabled) buttons. Disabled user will be stored in database, but won’t appear in the main configuration.
User Group Name Group_1 Group_2 Group_3 Preconfigured values: e – enable; m – message	Every user can be member of predefined user group. If user doesn’t have some settings it will try to take them from group.
Login Password	(Required!) The main password of the new user. The password can be stored in clear text (0), md5 hash (1) or inside of local database (3). In case of choosing md5 hashing don’t forget to select that the system should make hash from text that you put or you put hash (“Encrypt the login password (hashing), uncheck it if you put hash”). In case of using local database you can set parameter of change password for that user (also it must be set globally).
Enable Password	Enable password for that user. The enable password can be stored in clear text (0), md5 hash (1) or as a clone of login password (4).

The message that will appeared after user log in.

More info about special characters you can find here.

Field	Description
Privilege Level Unset default 15, if Undefined it will not appeared in configuration	Privilege level settings
Access Control List acl_1 acl_3 acl_3 select ACL	Here you can set pre-configured tacacs Access Control List (ACL), to restrict access for specific ip addresses. How to add new tacacs ACL?
Access Service service_1 service_3 service_3 select service	Here you can define service for the new user. Service used for restrict access inside the device, it is a part of authorization. You can restrict access inside of device (after log in) with service. Every vendor has your own parameters of service attributes. How to define new tacacs service?
Default service	If checked the default service for that user will permited.
Valid From	Date of the user access begin. The user access will be restricted before that date.
Valid Until	Date of the user access end. The user access will be restricted after that date.
Client (NAC) IP Address restrict access, only from specified ip address(es). It should be in sort of <ip address>/<prefix>	Fast way to restrict access without acl, only if user will be with that ip address or inside that network access will be allowed.
NAS IP Address restrict access, only to specified NAS ip address(es). It should be in sort of <ip address>/<prefix>	Fast way to restrict access without acl, allow user access to device or network only.

Field	Description
PAP Authentication default login clone, if empty that option will not appeared in configuration	Some devices require pap authentication, e.g. Nexus, PaloAlto and so on. The pap password can be stored in clear text (0), md5 hash (1) or as a clone of login password (4).
CHAP Authentication default empty, if empty that option will not appeared in configuration	Chap authentication password. Can be stored only in clear text.
MS-CHAP Authentication default empty, if empty that option will not appeared in configuration	MS-chap authentication password. Can be stored only in clear text.

Field	Description
Enable OTP Auth	If checked, that user can be authenticated only with this way.
Secret Key Generate New	Unique secret key that used for creating One-Time Password
Period period of generating OTP. By default, the period for a TOTP is 30 seconds	The period of generating OTP. By default, the period for a TOTP is 30 seconds.
Digits by default the number of digits is 6, more than 10 may be difficult to use by the owner	Number of digits inside of One-Time Password.
Digest sha1 md5 if you don’t know what to choose leave it as default (first value)	Hash algorithm.

One-Time Password generated with special client. There are many different client that can generate OTP, e.g. Google Authenticator you can find it in App Store or in Google Play. But I don’t recommend to use that client, my choice is OTP Auth (unfortunately only for iOS).

Field	Description
Enable SMS Auth	If checked, that user can be authenticated only with this way.
Phone Number	Phone Number that will receive SMS passwords

Here you can define manual settings for new user. More info you can find here.

---