Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
5
Helpful
1
Replies

Defining services in TACACS Server

Ahmed Shahzad
Level 1
Level 1

‎11-10-2009 05:29 PM - edited ‎03-10-2019 04:47 PM

I have to define the following IPSO-specific service in your TACACS+ server:

service = nokia-ipso {

Nokia-IPSO-User-Role = "role_name_on_IPSO"

Nokia-IPSO-SuperUser-Access = <0|1>

}

How can I do it?

Labels:
0 Helpful
1 Reply 1

darpotter
Level 5
Level 5

‎11-11-2009 03:21 AM

To add a custom service to ACS...

Goto "Interface Configuration" then "TACACS+ (Cisco IOS)" and in the "New Services" section enter your new service "nokia-ipso" plus tick the user & group checkboxes. You might need to add "ip" as the protocol depending on what the actual T+ requests look like.

When you next edit a user or group you'll see a new TACACS+ service into which you can enter your custom attributes:

Nokia-IPSO-User-Role=role_name_on_IPSO

Nokia-IPSO-SuperUser-Access=<0|1>

Note that only very basic syntax checks are applied, basically as long as eahc line has somehing=something ACS will not complain, so its up to you to make sure the values are correct.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents