Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.
NOTE: As of AWMS 7.0, ACS 5.0 is not supported. This condition may have changed in a later version of AirWave.NOTE: These instructions are for modifying the TACACS config file rather than entering the configuration changes via the TACACS GUI. Configuring TACACS via the GUI is the preferred method. See KB: Integrating an ACS (TACACS+) server to Authenticate AWMS Usershttp://kb.airwave.com/?sid=50140000000Mf9BNOTE: This is for authenticating users to access the AMP server, not for end users accessing APs.In the TACACS+ configuration file:1. Add a Shared secret 2. New service called AMP with a role attribute set to <AMP> under the "user = DEFAULT" section key = "<shared secret>"user = DEFAULT { default service = permit service = AMP { role = AMP }}Note: We also need to restart the TACACS+ server in order for the changes to take effect.If you have other settings in the TACACS+ configuration file for user groups, we can also define the AMP server under that section.3. Then enable TACACS+ on AMP from the AMP Setup > Authentication page: 4. Define the same role=AMP on the AMP Setup > Roles page.We can also look at the logs on the TACACS+ to see users authenticating:Thu May 15 12:29:13 2008 [17560]: Start authorization requestThu May 15 12:29:13 2008 [17560]: Authorizing user 'DEFAULT' instead of 'kaveh'Thu May 15 12:29:13 2008 [17560]: user 'DEFAULT' foundThu May 15 12:29:13 2008 [17560]: nas:service=AMP (passed thru)Thu May 15 12:29:13 2008 [17560]: nas:protocol=https (passed thru)Thu May 15 12:29:13 2008 [17560]: nas:absent, server:role=AMP -> add role=AMP (k)Thu May 15 12:29:13 2008 [17560]: added 1 argsThu May 15 12:29:13 2008 [17560]: authorization query for 'kaveh' Apache from 10.50.2.30 accepted
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.