Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
262
Views
0
Helpful
4
Replies

How can Tacacs+ be used to control very specific CiscoWorks 2k access?

colsen
Level 1
Level 1

‎06-26-2002 11:40 AM - edited ‎03-01-2019 10:50 PM

I'm well aware how to control local users in CW2K with Roles. What about on the Tacacs+ server? In CiscoSecure ACS, I am not aware of any specific CW2K security settings. All info appreciated!

URL would be great!

Labels:
0 Helpful
4 Replies 4

rmushtaq
Level 8
Level 8

‎06-26-2002 11:54 AM

See http://www/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_d/5steditn/gs_guide/setup.htm which has a section on 'Using the Pluggable Authentication Modules' and have steps on how to set this up with CW2K

0 Helpful

colsen
Level 1
Level 1
In response to rmushtaq

‎06-26-2002 12:46 PM

Thanks for the response.

However I do know how to setup the "New Login Module" for Tacacs+. I am familiar with how CiscoWorks 2K can borrow the security from a Tacacs server.

My question remains:

How do I setup and control VERY specific user access with the Tacacs+ plugin from a tacacs server on CW2K?

Example: The above is all installed with the Tacacs plugin. Joe logs into Ciscoworks, and is authenticated via the Tacacs server. Later Fred logs into Ciscoworks, also authenticated via the Tacacs server.

How, very specific steps, do I ensure Joe is only a CW2K helpdesk user, but Fred can do advanced CW2K features, edit ACL, config editor, etc.

Again, I know exactly how to do these steps with Local CW2k users, but how precicely do I do this with Tacacs server?

URL great., if it exists.

Thanks!!!!

0 Helpful

grayd
Level 1
Level 1
In response to colsen

‎06-26-2002 01:00 PM

You will use the TACACS+ server to provide authentication; however, CiscoWorks will continue to provide authorization for the users. In other words, create a local account with network administrator rights called "Fred" and create a local account with help desk rights called "Joe". When either of the users logs into CiscoWorks, the TACACS+ server will authenticate their password. However, the accounts will be assigned access based on the local user account of the same name. If you do not specify a local account, but the TACACS+ account exists, the user will be given access to CiscoWorks with help desk rights.

I hope this helps.

0 Helpful

rmushtaq
Level 8
Level 8

‎06-26-2002 03:42 PM

TACACS+ will give you only the authentication, the user roles still need to be created and managed in the local CW2K database via Server configuration.

0 Helpful
Customers Also Viewed These Support Documents