06-26-2002 11:40 AM - edited 03-01-2019 10:50 PM
I'm well aware how to control local users in CW2K with Roles. What about on the Tacacs+ server? In CiscoSecure ACS, I am not aware of any specific CW2K security settings. All info appreciated!
URL would be great!
06-26-2002 11:54 AM
See http://www/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_d/5steditn/gs_guide/setup.htm which has a section on 'Using the Pluggable Authentication Modules' and have steps on how to set this up with CW2K
06-26-2002 12:46 PM
Thanks for the response.
However I do know how to setup the "New Login Module" for Tacacs+. I am familiar with how CiscoWorks 2K can borrow the security from a Tacacs server.
My question remains:
How do I setup and control VERY specific user access with the Tacacs+ plugin from a tacacs server on CW2K?
Example: The above is all installed with the Tacacs plugin. Joe logs into Ciscoworks, and is authenticated via the Tacacs server. Later Fred logs into Ciscoworks, also authenticated via the Tacacs server.
How, very specific steps, do I ensure Joe is only a CW2K helpdesk user, but Fred can do advanced CW2K features, edit ACL, config editor, etc.
Again, I know exactly how to do these steps with Local CW2k users, but how precicely do I do this with Tacacs server?
URL great., if it exists.
Thanks!!!!
06-26-2002 01:00 PM
You will use the TACACS+ server to provide authentication; however, CiscoWorks will continue to provide authorization for the users. In other words, create a local account with network administrator rights called "Fred" and create a local account with help desk rights called "Joe". When either of the users logs into CiscoWorks, the TACACS+ server will authenticate their password. However, the accounts will be assigned access based on the local user account of the same name. If you do not specify a local account, but the TACACS+ account exists, the user will be given access to CiscoWorks with help desk rights.
I hope this helps.
06-26-2002 03:42 PM
TACACS+ will give you only the authentication, the user roles still need to be created and managed in the local CW2K database via Server configuration.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide