Chapter 4
Managing GSS User Accounts Through a TACACS+ Server
Configuring a TACACS+ Server for Use with the GSS
Note
Configuring Authentication Settings on the TACACS+ Server
OL-10410-01
Table 4-1
TACACS+ Configuration Quick Start (continued)
Task and Command Example
Enable the TACACS+ authorization service to permit or restrict user access
6.
to specific GSS CLI commands, as defined by the TACACS+ server.
gssm1.example.com(config)# aaa authorization commands
Enable the TACACS+ accounting service to monitor the use of specific CLI
7.
commands and GUI pages by each GSS user.
gssm1.example.com(config)# aaa accounting commands
This section describes how to set up a TACACS+ server, such as the Cisco Secure
Access Control Server (ACS). It is intended as a guide to help ensure proper
communication with a TACACS+ server and a GSS operating as a TACACS+
client. For details on configuring the Cisco Secure ACS, or another TACACS+
server, see the documentation provided with the software.
This section contains the following topics:
Configuring Authentication Settings on the TACACS+ Server
•
Configuring Authorization Settings on the TACACS+ Server
•
•
Configuring Accounting Settings on the TACACS+ Server
For the GSS to properly perform user authentication using a TACACS+ server, the
username and password must be identical on both the GSS CLI and the TACACS+
server.
To configure the authentication settings on Cisco Secure ACS, perform the
following steps:
Proceed to the Network Configuration section of the Cisco Secure ACS
1.
HTML interface, the Add AAA Client page (see
Configuring a TACACS+ Server for Use with the GSS
Cisco Global Site Selector Administration Guide
Figure
4-2).
4-5