Defining services in TACACS Server

Unanswered Question
Nov 10th, 2009

I have to define the following IPSO-specific service in your TACACS+ server:

service = nokia-ipso {
    Nokia-IPSO-User-Role = "role_name_on_IPSO"
    Nokia-IPSO-SuperUser-Access = <0|1>
}

How can I do it?

darpotter Wed, 11/11/2009 - 03:21

To add a custom service to ACS...

Go to "Interface Configuration" then "TACACS+ (Cisco IOS)" and in the "New Services" section enter your new service "nokia-ipso" plus tick the user & group checkboxes. You might need to add "ip" as the protocol depending on what the actual T+ requests look like.

When you next edit a user or group you'll see a new TACACS+ service into which you can enter your custom attributes:

Nokia-IPSO-User-Role=role_name_on_IPSO

Nokia-IPSO-SuperUser-Access=<0|1>

Note that only very basic syntax checks are applied; basically, as long as each line has something=something ACS will not complain, so it's up to you to make sure the values are correct.
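Because ACS accepts any line in something=something form, as the reply above notes, the attribute text can be checked before it is pasted into the user or group page. The following is an added example, not part of the original thread and not Cisco or Nokia code: the two attribute names come from the thread, while the function name `check_attributes`, the exact-case name matching, the 0/1 rule and the rule that both attributes are present are assumptions of this sketch.

```python
# Added example: pre-check for the custom attribute box of the nokia-ipso service.
# Attribute names are from the thread; the validation rules are assumptions.
import re

KNOWN = {
    "Nokia-IPSO-User-Role": lambda v: bool(v) and not v.startswith("<"),
    "Nokia-IPSO-SuperUser-Access": lambda v: v in ("0", "1"),
}
LINE_RE = re.compile(r"^\s*([^=\s]+)\s*=\s*(.*?)\s*$")


def check_attributes(text):
    """Return a list of (line_number, message) problems; empty means OK."""
    problems, seen = [], {}
    for num, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue  # blank lines are ignored
        m = LINE_RE.match(raw)
        if not m:
            problems.append((num, "not in name=value form"))
            continue
        name, value = m.group(1), m.group(2)
        if name not in KNOWN:
            # Catches typos and wrong letter case that a name=value check lets through.
            close = [k for k in KNOWN if k.lower() == name.lower()]
            hint = f" (did you mean {close[0]}?)" if close else ""
            problems.append((num, f"unknown attribute {name}{hint}"))
            continue
        if name in seen:
            problems.append((num, f"{name} already set on line {seen[name]}"))
            continue
        seen[name] = num
        if not KNOWN[name](value):
            problems.append((num, f"invalid value {value!r} for {name}"))
    for name in KNOWN:
        if name not in seen:
            problems.append((0, f"{name} is missing"))  # line 0 = whole block
    return problems


# Constructed sample inputs (role name "adminRole" is made up for illustration).
GOOD = "Nokia-IPSO-User-Role=adminRole\nNokia-IPSO-SuperUser-Access=1\n"
BAD = ("Nokia-IPSO-User-Role=\nnokia-ipso-superuser-access=1\n"
       "Nokia-IPSO-SuperUser-Access=<0|1>\n")

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_attributes(sample))
```

The BAD sample shows three mistakes that pass a plain name=value check: an empty role, a miscased attribute name, and the `<0|1>` placeholder left unfilled.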
