A TACACS+ user authentication server allows users to be authorized against TACACS+ servers. When authorizing a user via a TACACS+ server, UserGate sends the user's credentials to the TACACS+ servers, which in turn notify UserGate whether the authentication succeeded.
TACACS+ servers cannot provide user properties to UserGate, so if you have not registered the users in UserGate beforehand (e.g. as local users or via an LDAP connector), you will be able to use only Known (i.e. authorized on a Radius server) or Unknown (failed to authorize on a Radius server) users in your security policies.
To create a TACACS+ authentication server, click Add, select Add a TACACS+ server and provide the following parameters:

| Name | Description |
|---|---|
| Enabled | Enables or disables a given authentication server |
| Server name | Name of the authentication server. |
| Secret key | A public key used by TACACS+ for authentication. |
| Address | IP address of the TACACS+ server. |
| Port | A UDP port on which a TACACS+ server will be listening for authentication requests. By default, UDP 1812 is used. |
| Use a single connection | Use a single TCP connection for communications with a TACACS+ server. |
| Timeout (sec) | Period during which authentication from a TACACS+ server will be awaited. By default, the timeout is 4 seconds. |