Clish/Expert Access with TACACS
Hi,

I've got TACACS+ set up (VSX Cluster). I can use my AD credentials to log in to SmartDashboard, but I can't do the same for CLI or Expert on my gateways.

I believe I need to do some configuration on the CLI, but I can't find the appropriate SK to get this done.

Would appreciate some direction/help. I tried creating a User/rba, but it requires setting up a password on the gateway, which defeats the purpose of syncing with AD and the TACACS server.

Thank You

AD authentication is not supported at all on Gaia. A TACACS+ user does not have to be created on Gaia, though. All you need to do is set up the TACACS connection:
add aaa tacacs-servers priority 1 server 1.2.1.3 key ***** timeout 5
set aaa tacacs-servers state on
set aaa tacacs-servers user-uid 0
set aaa tacacs-servers super-user-uid 96
add rba role TACP-0 domain-type System all-features

That should suffice. How the TACACS server itself will handle the request for a user that is not in its user list, I don't know; we are also struggling with that part of the implementation.
Regards, Maarten
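As an added example (not from the thread or from Check Point's documentation), the same Gaia clish setup extended to more than one privilege level: Gaia assigns a TACACS+ user the role named TACP-N, where N (0-15) is the privilege level the TACACS+ server returns, so a role has to exist for each level the server hands out. The server address, shared secret placeholder and the assumption that administrators are returned level 15 are constructed values.

```clish
# Added example, not the thread's own config. Constructed values: server 1.2.1.3,
# the <shared-secret> placeholder, and the assumption that the TACACS+ server
# returns privilege level 15 for administrators and 0 for everyone else.
add aaa tacacs-servers priority 1 server 1.2.1.3 key <shared-secret> timeout 5
set aaa tacacs-servers state on

# Non-local TACACS+ users get the role TACP-<privilege level>.
# Level 0: clish access with every feature, as in the reply above
add rba role TACP-0 domain-type System all-features
# Level 15: a separate role so admin-level users are distinguishable in the
# audit trail and can be restricted independently later
add rba role TACP-15 domain-type System all-features

# Verify what was created; expert mode still needs the local expert password
show rba roles
show aaa tacacs-servers list
save config
```

Users returned a privilege level with no matching TACP-N role are denied clish access, which is the failure to check first when a TACACS+ login succeeds on the server but is rejected by the gateway.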
Thanks Maarten,

The config you provided actually worked. On the other hand, I could not log in to expert mode with my AD password.

Yes, you have to enter the actual "expert" password to enter expert mode.
That password cannot be controlled via TACACS.
Thus my earlier suggestion about moving the necessary commands into clish so expert mode does not have to be entered.