Miscellaneous Procedures > Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers > Configuring Groups for TACACS+

Configuring Groups for TACACS+
The following list defines the values that must be defined when configuring a group with TACACS+ authentication.
The TACACS+ administrator must add each user to a group. To give a user administrative access, the user must be added to the admin group.
On the OnSite, the TACACS+ authentication server must be configured for raw access, in either of the two ways shown in the following table:
Follow the procedure in To Configure a TACACS+ Authentication Server [Expert], making sure to check the “Enable Raccess Authorization” checkbox.
To Configure Groups for TACACS+
Perform this procedure by editing the AA database on the TACACS+ server. These additions can be made through a GUI. The example shows a declaration that would need to be added to the AA database if a GUI is not available.
Add the raccess service to each user’s configuration and define the group_name to which each user belongs.To give a user administrative access, make the group_name = admin.
user = username {
global = cleartext “group password” {
 
service = raccess {
group_name = groupname ;
}
}

Miscellaneous Procedures > Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers > Configuring Groups for TACACS+