How to add network device groups/users to Tacacs using API or perl/Expect

Unanswered Question

Hi: our group today adds new network device groups, devices, users manually to tacacs using Web GUI. I am trying to automate this process. I have the capability to connect to database and insert/update/delete records from our trouble ticketing system or run Expect like scripts. Is there anyway to use this capability to perform these functions?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
darpotter Fri, 01/09/2009 - 01:06

Hi Ravi

Check out the RDBMS Sync feature in ACS. You basically add transaction rows into a table (csv or odbc based) which ACS processes. You can add/configure users and groups, devices and device groups.

ACS can run the import on a scheduled basis too.

The ACS docs are here:

with specific descriptions of the actions codes you need here:

Hi: thanks for the details. This is what my TACACS administrator recommended as well. The only problem with this solution, I have no way of knowing if the import created my transactions successfully other than logging into the GUI in looking for the entry. I want my system to know if a new request the system requested was successfully completed and eliminate manual intervention as much as possible. I was hoping there is some command I can execute with the csv file as a option and look at the return code to decide if the action was successful. Let me know if you have any comments.



lanstreamer Fri, 01/09/2009 - 01:09

If you are using ACS 4.x and possibly earlier there are some fairly basic import functions for users, NDGs etc available using the csutil.exe utility on the ACS Windows server.

You have to create a text file in a particular format then run the csutil utility on the master ACS server to import.

Check out

I had heard that ACS 5.0 was going to introduce APIs to make system administration and integration with other systems easier but reading through the documentation available on cco as of now there's no sign of that yet.

Hope that helps.


This Discussion