Defining services in TACACS Server

Unanswered Question
Nov 10th, 2009
User Badges:

I have to define the following IPSO-specific service in your TACACS+ server:

service = nokia-ipso {

Nokia-IPSO-User-Role = "role_name_on_IPSO"

Nokia-IPSO-SuperUser-Access = <0|1>


How can I do it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
darpotter Wed, 11/11/2009 - 03:21
User Badges:
  • Silver, 250 points or more

To add a custom service to ACS...

Goto "Interface Configuration" then "TACACS+ (Cisco IOS)" and in the "New Services" section enter your new service "nokia-ipso" plus tick the user & group checkboxes. You might need to add "ip" as the protocol depending on what the actual T+ requests look like.

When you next edit a user or group you'll see a new TACACS+ service into which you can enter your custom attributes:



Note that only very basic syntax checks are applied, basically as long as eahc line has somehing=something ACS will not complain, so its up to you to make sure the values are correct.


This Discussion