User Group Fields Description

Documentation Tacacs Users User Groups User Group Fields Description

User group configuration example

  group = CiscoManger {
    #### LDAP Groups List #### DistinguishedName ###
    ### CN=tgui_DemoAccess,OU=Groups,OU=TacacsGUI,DC=win2008,DC=g33
    ### cn=Cisco_General,ou=tgui_groups,dc=openldap,dc=tgui
    enable = clear "123123"
    default service = permit
    ###Service cisco_max_15 START###
    service = shell {
      set priv-lvl = 14
      default cmd = permit
      ###CMD Attr no-debug START###
      cmd = no {
        deny /debug.*/
        permit .* # default permit any
        message deny = "No no no!"
      } #END OF CMD Attr no-debug
    } #END OF Cisco Router/Switch Service
    ###Service cisco_max_15 END###
###MANUAL CONFIGURATION START###
# here is manual configuration parameters
# use char # to make comment
###MANUAL CONFIGURATION END###
  } #END OF CiscoManger

Form Label Name	tac_plus Parameter	Description	Import/Variable name	Import/Value
Name required	group	The unique group name	name	string
Enable Password	enable	Enable password	enable	string
Type of storing enable	N/A	Select how to store enable password: Clear Text MD5 MD5 (hashed) Clone Login password	enable_flag	One of (number): 0 - Clear Text 1 - MD5 2 - MD5 (hashed)
Service	service	User can belong to several services. The first matched service will be applied. Service is a part of configuration that give NAS (device) information about authorization settings of a user.	N/A	N/A
Access Control List	acl		acl	One of (number): acl id acl name
Default Service Permit	default service	Allow any service request from NAS (device) if checked, else deny all unknown services from NAS (device).	default_service	One of (number): 0 - Deny 1 - Permit
Message	message	The message that will appeared after user log in	message	string
Access Control / Action For The List Below	N/A	There are two position: Permit ONLY below list (list of device and device group) Permit all EXCEPT list below (list of device and device group)	N/A	N/A
Access Control / Device List	server = permit/deny	Allowed or Denied (based on parameter above) device list for that user	N/A	N/A
Access Control / Device Group	server = permit/deny	Allowed or Denied (based on parameter above) device group list for that user	N/A	N/A
Manual Configuration	N/A	Configuration parameters based on Marc Huber manual. It will added after main configuration	manual	string
Valid From	valid from	Set lifetime for user	valid_from	date
Valid Until	valid until	Set lifetime for user	valid_until	date

TACACS

Reports

API

Plugins

Other

User group configuration example

Fields Description