TACACS+ Authentication

TACACS+ can be used as an external authentication service for end users and administrators to log in to Harmony Controller.

To configure the Harmony Controller attribute on the TACACS+ server

The configuration file at /etc/tac_plus.conf contains authentication information on the TACACS+ server. The default port is 49.

  1. Configure the port and secret password at the beginning of the file, then restart the TACACS+ service.

  2. Configure the Harmony Controller attribute at the end of the file. The following snippet shows the addition of a user, user1.

user = user1 {
    default service = permit
    name = "user1"
    login = cleartext password
    pap = cleartext password
    service = exec {
        A10-Harmony-Access-Groups="root:hc_provider_adminroot|providerB:hc_provider_adminproviderB|P1-Rds:hc_provider_admin-P1-Rds|p5:hc_provider_admin-p5"
        priv-lvl=15
    }
}
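The snippet above stores the login and pap passwords in cleartext, sets default service = permit, and assigns priv-lvl=15. As an added example (not part of the original page or of A10's tooling), the following Python check flags those three settings per user in a tac_plus.conf; the sample configuration, the function name audit_tac_plus, and the finding texts are constructed for illustration.

```python
import re

# Constructed sample in the layout of the snippet above; all values are placeholders.
SAMPLE_CONF = """\
key = "example-shared-secret"
user = user1 {
    default service = permit
    login = cleartext password
    pap = cleartext password
    service = exec {
        priv-lvl=15
    }
}
user = user2 {
    login = des EXAMPLEHASHab1
    service = exec {
        priv-lvl=1
    }
}
"""

USER_RE = re.compile(r"user\s*=\s*(\S+)\s*\{")
CRED_RE = re.compile(r"(login|pap)\s*=\s*cleartext\b")
DEFAULT_RE = re.compile(r"default\s+service\s*=\s*permit\b")
PRIV_RE = re.compile(r"priv-lvl\s*=\s*(\d+)")

def audit_tac_plus(conf_text):
    """Return (user, finding) tuples for risky settings inside user blocks."""
    findings, user, depth = [], None, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and whole-line comments
        m = USER_RE.match(line)
        if depth == 0 and m:
            user = m.group(1)  # entering a top-level user block
        if user:
            if (c := CRED_RE.match(line)):
                findings.append((user, f"{c.group(1)} password stored in cleartext"))
            if DEFAULT_RE.match(line):
                findings.append((user, "default service = permit authorizes unlisted services"))
            p = PRIV_RE.match(line)
            if p and int(p.group(1)) == 15:
                findings.append((user, "priv-lvl=15 grants the highest privilege level"))
        depth += line.count("{") - line.count("}")  # track nesting by brace balance
        if depth == 0:
            user = None  # left the user block

    return findings

if __name__ == "__main__":
    for user, finding in audit_tac_plus(SAMPLE_CONF):
        print(f"{user}: {finding}")
```

Nesting is tracked by counting braces per line, so a quoted value that itself contains a brace would need a real tokenizer.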

To set TACACS Plus authentication for a new provider

  1. Log in to Harmony Controller as super-admin.

  2. Create a new provider and activate the provider-admin user account. On the activation page, you can set the authentication type for the provider.

  3. Select TACACS Plus from the Select Authentication drop-down. Enter comma-separated TACACS Hosts, Port, Retries, and a Shared Secret key to encrypt the password.

  4. Click Validate to validate the details.

Harmony Controller does not store the user ID and password that you provide. You must test or authenticate the connection on the remote server. A confirmation message is displayed on successful validation.

  5. Click Save.

To configure the authentication process for provider login

  1. Log in to Harmony Controller as provider-admin.

  2. Go to the Organization > Authentication > Change Authentication Provider page.

  3. Select TACACS Plus from the Authentication Type drop-down. Enter comma-separated TACACS Hosts, Port, Retries, and a Shared Secret key to encrypt the password.

  4. Click Validate to validate the details.

Harmony Controller does not store the user ID and password that you provide. You must test or authenticate the connection on the remote server. A confirmation message is displayed on successful validation.

  5. Click Save.