
TACACS+ integration with AMP (via config file)

NOTE: As of AWMS 7.0, ACS 5.0 is not supported. This condition may have changed in a later version of AirWave.

NOTE: These instructions are for modifying the TACACS config file rather than entering the configuration changes via the TACACS GUI. Configuring TACACS via the GUI is the preferred method. 
See KB: Integrating an ACS (TACACS+) server to Authenticate AWMS Users
http://kb.airwave.com/?sid=50140000000Mf9B

NOTE: This is for authenticating users to access the AMP server, not for end users accessing APs.


In the TACACS+ configuration file:

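1. Add a shared secret.

2. Add a new service called AMP, with a role attribute set to <AMP>, under the "user = DEFAULT" section:

# Shared secret; must match the secret configured on AMP
key = "<shared secret>"
# DEFAULT applies to any user without an explicit entry of their own
user = DEFAULT {
    default service = permit
    service = AMP {
        role = AMP
    }
}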
Note: We also need to restart the TACACS+ server in order for the changes to take effect.

If you have other settings in the TACACS+ configuration file for user groups, we can also define the AMP server under that section.

3. Then enable TACACS+ on AMP from the AMP Setup > Authentication page.

4. Define the same role=AMP on the AMP Setup > Roles page.

We can also look at the logs on the TACACS+ server to see users authenticating:

Thu May 15 12:29:13 2008 [17560]: Start authorization request
Thu May 15 12:29:13 2008 [17560]: Authorizing user 'DEFAULT' instead of 'kaveh'
Thu May 15 12:29:13 2008 [17560]: user 'DEFAULT' found
Thu May 15 12:29:13 2008 [17560]: nas:service=AMP (passed thru)
Thu May 15 12:29:13 2008 [17560]: nas:protocol=https (passed thru)
Thu May 15 12:29:13 2008 [17560]: nas:absent, server:role=AMP -> add role=AMP (k)
Thu May 15 12:29:13 2008 [17560]: added 1 args
Thu May 15 12:29:13 2008 [17560]: authorization query for 'kaveh' Apache from 10.50.2.30 accepted
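
Added example (not part of the original article, and not AirWave or TACACS+ server code): because the role is handed out through the catch-all "user = DEFAULT" entry, it is worth reviewing which accounts actually receive role=AMP that way. The Python sketch below groups log lines in the format shown above by their [pid] field and lists accepted authorizations that fell back to DEFAULT; the function names and the second sample session are assumptions made for illustration.

```python
import re

# Constructed sample: session 17560 follows the excerpt above; session 17571
# (user netops1, 192.0.2.15) is invented to show a user with its own entry.
SAMPLE_LOG = """\
Thu May 15 12:29:13 2008 [17560]: Start authorization request
Thu May 15 12:29:13 2008 [17560]: Authorizing user 'DEFAULT' instead of 'kaveh'
Thu May 15 12:29:13 2008 [17560]: user 'DEFAULT' found
Thu May 15 12:29:13 2008 [17560]: nas:service=AMP (passed thru)
Thu May 15 12:29:13 2008 [17560]: nas:absent, server:role=AMP -> add role=AMP (k)
Thu May 15 12:29:13 2008 [17560]: authorization query for 'kaveh' Apache from 10.50.2.30 accepted
Thu May 15 12:31:02 2008 [17571]: Start authorization request
Thu May 15 12:31:02 2008 [17571]: user 'netops1' found
Thu May 15 12:31:02 2008 [17571]: nas:absent, server:role=AMP -> add role=AMP (k)
Thu May 15 12:31:02 2008 [17571]: authorization query for 'netops1' Apache from 192.0.2.15 accepted
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) \[(?P<pid>\d+)\]: (?P<msg>.*)$")
FALLBACK = re.compile(r"Authorizing user 'DEFAULT' instead of '(?P<user>[^']*)'")
ROLE = re.compile(r"-> add role=(?P<role>\S+)")
RESULT = re.compile(r"authorization query for '(?P<user>[^']*)' \S+ from (?P<src>\S+) (?P<verdict>\w+)")

def summarize(log_text):
    """Group lines by [pid] session and return one dict per finished authorization."""
    sessions, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("Start authorization request"):
            sessions[pid] = {"via_default": False, "role": None}  # reset on pid reuse
        s = sessions.setdefault(pid, {"via_default": False, "role": None})
        if FALLBACK.search(msg):
            s["via_default"] = True
        elif (r := ROLE.search(msg)):
            s["role"] = r["role"]
        elif (r := RESULT.search(msg)):
            done.append({"time": m["ts"], "user": r["user"], "source": r["src"],
                         "verdict": r["verdict"], **sessions.pop(pid)})
    return done

def default_fallbacks(events):
    """Accepted authorizations whose role came from the catch-all DEFAULT entry."""
    return [e for e in events if e["via_default"] and e["verdict"] == "accepted"]

if __name__ == "__main__":
    for e in default_fallbacks(summarize(SAMPLE_LOG)):
        print(f"{e['time']}  {e['user']} from {e['source']} -> role={e['role']} (via DEFAULT)")
```
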

Version history: revision 1 of 1, last update 06-06-2014 03:01 PM