You can configure NetMRI to authenticate admins against TACACS+ (Terminal Access Controller Access-Control System Plus, or T+) servers. TACACS+ provides separate authentication, authorization, and accounting services. (NetMRI supports only the authentication and authorization capabilities.) To ensure reliable delivery, T+ uses TCP as its transport protocol, and to ensure confidentiality, all protocol exchanges between the T+ server and its clients are encrypted. This section assumes that AAA administrators understand the details of TACACS+ configuration, and presents only simple examples.
To support TACACS+ authentication and authorization through NetMRI, you configure a custom service, infoblox, on the T+ server, and then define the user names and group names in the infoblox service's custom attribute na-group. (These services and attributes can be named differently according to preference; we use these values by convention in this document.)
Ensure that you apply each user group to the custom service infoblox (or however you choose to name the custom service). On NetMRI, you add the remote groups with the same names to the authentication service. When the TACACS+ server responds to an authentication and authorization request relayed from NetMRI and the response includes the na-group custom attribute, NetMRI matches the group name with the group in the authentication service and automatically assigns the admin to that group.
If you will use T+ only for authentication, the user accounts must all be defined in NetMRI with the User IDs matching the declared values on the T+ server. These accounts must be locally configured on NetMRI with the roles assigned to their specified device groups.
If you will use T+ for both authentication and authorization, and the configurations are done in the T+ server configuration file, the successfully authenticated and authorized users will be dynamically created in NetMRI with the roles defined through the configurations in the Authentication Service configured in NetMRI.
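
The group mapping described above can be modelled in a few lines. This is an added example, not NetMRI code: it parses an already de-obfuscated TACACS+ authorization REPLY body (layout per RFC 8907) and returns the remote group to assign, or None when the reply carries no known na-group value. The group names, function names and the exact-match comparison are assumptions.

```python
import struct

# Authorization REPLY status codes defined in RFC 8907
PASS_ADD, PASS_REPL, FAIL, ERROR = 0x01, 0x02, 0x10, 0x11


def parse_author_reply(body: bytes):
    """Parse a de-obfuscated authorization REPLY body into (status, attrs)."""
    if len(body) < 6:
        raise ValueError("truncated REPLY header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    if len(arg_lens) != arg_cnt:
        raise ValueError("truncated argument length table")
    offset = 6 + arg_cnt + msg_len + data_len  # skip server_msg and data
    if offset + sum(arg_lens) != len(body):
        raise ValueError("length fields do not match body size")
    attrs = {}
    for n in arg_lens:
        arg = body[offset:offset + n].decode("ascii")
        offset += n
        # '=' marks a mandatory pair, '*' an optional one; split on the first
        idx = min((i for i in (arg.find("="), arg.find("*")) if i >= 0), default=-1)
        if idx <= 0:
            raise ValueError(f"malformed attribute-value pair: {arg!r}")
        attrs[arg[:idx]] = arg[idx + 1:]
    return status, attrs


def map_remote_group(body, remote_groups, attribute="na-group"):
    """Return the matching remote group name, or None to reject the login.

    Assumption: names are compared exactly (case-sensitive), so the group
    defined on the T+ server must be spelled identically on the appliance.
    """
    status, attrs = parse_author_reply(body)
    if status not in (PASS_ADD, PASS_REPL):
        return None  # FAIL, ERROR or anything unexpected: deny
    group = attrs.get(attribute)
    return group if group in remote_groups else None


def build_reply(status, args):
    """Build a constructed REPLY body (empty server_msg and data) for testing."""
    raw = [a.encode("ascii") for a in args]
    return struct.pack("!BBHH", status, len(raw), 0, 0) + bytes(map(len, raw)) + b"".join(raw)
```

A reply that passes authorization but names a group not defined locally is treated the same as a failure, which is the default-deny behaviour to verify when testing a new T+ group.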

...

If the test user name or password is incorrect, access is rejected. Access will also be rejected if no NetMRI Role is defined for the test user on the NetMRI system.

8. You can choose to use TACACS+ only for authentication. In such cases, select the Disable authorization check box.

...