HP StorageWorks Enterprise File Services WAN Accelerator 2.1.5 deployment guide (June 2006)
100 9 - RADIUS AND TACACS+ AUTHENTICATION
"monitor" Auth-Type := Local, User-Password == "radmonitor"
Reply-Message = "Hello, %u"
"raduser" Auth-Type := Local, User-Password == "radpass"
Local-User = "monitor", Reply-Message = "Hello, %u"
7. Start the server using /usr/local/sbin/radiusd. Use the -X option if you want to
debug the server.
NOTE: The raduser is the monitor user as specified by Local, User-Password.
Configuring a TACACS+ Server
with Free TACACS+
The following section assumes you are running the TACACS+ authentication system.
The TACACS+ Local User Service is rbt-exec. The Local User Name Attribute is
local-user-name. This attribute controls whether a user who is not named admin or
monitor is an administrator or monitor user (instead of using the HP EFS WAN
Accelerator default value). For the HP EFS WAN Accelerator, the users listed in the
TACACS+ server must have Password Authentication Protocol (PAP) authentication
enabled.
The following procedures install the free TACACS+ server on a Linux computer.
Cisco Secure can be used as a TACACS+ server.
To download
TACACS+
1. Download TACACS+ from:
http://www.gazi.edu.tr/tacacs/get.php?src=tac_plus_v9a.tar.gz
.
2. At your system prompt, enter the following set of commands:
>tar xvzf tac_plus_v9a.tar.gz
>cd tac_plus_v9a
>./configure
3. In a text editor, open the Makefile and uncomment the OS=-DLINUX line (or
other lines appropriate for the operating system of the host).
4. On Linux, in a text editor open the tac_plus.h file and uncomment the #define
CONST_SYSERRLIST line.
5. At the system prompt, enter:
>make tac_plus
6. As the root user, enter the following command:
>make install
7. Add users to the TACACS server by editing the /usr/local/etc/tac_plus.conf file.
For example:
key = testtacacs