Need To Set up Tacacs+ in server 2008

  • Question

  • Can anyone help me to configure TACACS+ in Windows 2008 Server?

    Can anyone provide me with a step-by-step document to configure it? This is a task given to me, but I don't have any idea. Please help.

    my mail id: karthik0783@gmail.com

    Wednesday, November 7, 2012 10:33 AM

Answers

  • Hi,

    To configure a TACACS authentication server on Forefront Unified Access Gateway (UAG):

    1. In the Forefront UAG Management console, on the Admin menu, click Authentication and Authorization Servers.
    2. On the Authentication and Authorization Servers dialog box, click Add.
    3. In the Server type list, click TACACS.
    4. On the Add Authentication Server dialog box, configure the following server settings:
      • Server name—Name of the server or repository. This name is used when you select the server or repository during the configuration of Forefront UAG. It is also displayed to end users when they are prompted to select a server during authentication.
      • IP address/host—IP address or host name of the TACACS server.
      • Port—Port number of the TACACS server.
      • Alternate IP/host—IP address or host name of the alternate TACACS server.
      • Alternate port—Port number of the alternate TACACS server.
      • Secret key—The secret key that is used to encrypt and decrypt the user password. The key you define here must be identical to the secret key assigned for the Forefront UAG client in the TACACS authentication server.
      • Use a different server for portal authorization—Applicable in portal trunks only. Select this check box to use a different server, where users and user groups are defined, for application authorization. In this case, selecting the TACACS server for application authorization brings users and user groups from the associated server rather than from the TACACS server.
      • Select server—Click the server to use for application authorization. You can use one of the following:
        • Any of the configured authentication servers where users and user groups are defined, such as NT Domain or Notes Directory.
        • Built-In Users/Groups—Use the computer’s Windows Local Users and Groups console. To access the console, click Launch Local Users and Groups console.

          Selecting this option does not enable you to define the local computer’s Windows Local Users and Groups console as an authentication server. To define the local computer as the authentication server, select the NT Domain server-type, and enter the name of the local computer in the NT Domain field.

    5. On the Add Authentication Server dialog box, click OK, and then on the Authentication and Authorization Servers dialog box, click Close.

    For more information, please refer to the following MS articles:

    Configuring TACACS authentication
    http://technet.microsoft.com/en-us/library/dd857300.aspx
    Configuring TACACS authentication in IAG
    http://technet.microsoft.com/en-us/library/dd278026.aspx
    TACACS + server on windows 2008 R2 OS with AAA authentication
    http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/c8604bbf-ca70-4571-9bed-eccda2c5e8a9


    Lawrence

    TechNet Community Support

    • Marked as answer by Lawrence, Friday, November 16, 2012 2:18 AM
    Friday, November 9, 2012 8:31 AM
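
Why the secret key entered in step 4 must be identical on the gateway and on the TACACS server, shown as an added example (not part of the original answer and not Microsoft's code), assuming the server speaks TACACS+ as specified in RFC 8907: the key seeds an MD5 pseudo-pad that is XORed with the packet body. The session id, sequence number, keys and body below are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0          # header version byte: major 0xC, minor 0
SAMPLE_SESSION_ID = 0x1234ABCD   # constructed sample value
SAMPLE_SEQ_NO = 1
SAMPLE_BODY = b"user=alice;pass=Constructed-Sample-1"  # constructed, not a real packet body


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}), truncated."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, key, seq_no, version=TAC_PLUS_VERSION):
    """XOR the body with the pad; applying it again with the same key reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo():
    """Return (wire bytes, body recovered with matching key, body 'recovered' with wrong key)."""
    wire = obfuscate(SAMPLE_BODY, SAMPLE_SESSION_ID, b"shared-secret-A", SAMPLE_SEQ_NO)
    matching = obfuscate(wire, SAMPLE_SESSION_ID, b"shared-secret-A", SAMPLE_SEQ_NO)
    mismatched = obfuscate(wire, SAMPLE_SESSION_ID, b"shared-secret-B", SAMPLE_SEQ_NO)
    return wire, matching, mismatched


if __name__ == "__main__":
    wire, matching, mismatched = demo()
    print("on the wire     :", wire.hex())
    print("matching key    :", matching)
    print("mismatched key  :", mismatched)
```

With a mismatched key the server sees unparseable bytes rather than a clear "wrong key" error, so a typo in the secret usually shows up as failed or timed-out authentication. The pad is obfuscation only and carries no integrity check, so the link between gateway and TACACS server should still be on a protected network segment.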