Product Support

Product FAQs

QUESTION

How to configure authentication services using TACACS+ server for Windows PCs on NPort 6000 series

SOLUTION

1. Download 

Download the basic (free) version tacacs.net by clicking on the following link:  http://www.tacacs.net so that the TACACS server can be installed on your computer. 
 
2. Installation 

  • Run the TACACSSetup_v*.exe installation wizard. Follow all instructions provided by the installation wizard during the installation of the server. 

  • During the wizard setup you have the possibility to enter a customized shared secret.  In this example 1234567890 was entered.  If you would like to change this later, you can do so in clients.xml. 

  • The wizard will install the configuration and log files to different locations depending on your operating system. See the readme.rtf file provided automatically after the installation in the Program Menu for the location of installed files. 

  • 3. Configuration of the TACACS server 

  • 3.1- Open the .xml files   
    To carry on the TACACS server configuration, open the Configuration file located in the TACASCS.net file. In the Configuration file you will find three different .xml files that have to be modified.  
    - authentication.xml 
    - clients.xml 
    - tacplus.xml 
     Eventually move properties from Read-Only to Read-Write. 

      
    Note 1: Before xml files are modified it is recommendable to first create a backup of them in case that they need to be restored later. 

 

  •    3.2- Edition of the authentication.xml file    

Here it is possible to set desired usernames and passwords according to the number of users that have access to the server. To do the text edition on the username and password fields, remove the comments marks <!--  from the code  in the UserGroup section. 
  
In this example one group name, username and password for one server user is showed 
  
•Add group name: Network Engineering (name of the group) 
•Add username: admin (or username) 
•Add password: (in our example gabrieltest)  
3.3- Edition of the Clients.xml file 
  
- Confirm the shared secret defined during the installation. 
If the shared secret was not entered during the installation, it is possible to enter it here too. 
In this example the shared secret 1234567890 was used. 
  
-Add the IP of the client device (in this case the NPort´s IP address).3.4- Edition of the Tacplus.xml file 
Enter the IP address of the computer where the TACASCS server is installed.  

 

  • 4. Verification 

  • Check configuration for syntax errors by running the TACVerify utility. It can be found in the Program Menu. If the tool detects any errors, go back and fix them and run the utility again. 

  • 5. Test 

  • 5.1- To avoid errors during the test it would be better if the firewall of the computer, where the server is running, is disabled. 
    5.2- Check if the TACACS service is running on the Services Management Console: Start > Control Panel > Administrative Tools > Services. In case that the TACACS service is not running, start this service. 
    5.3- Run the TACTest utility to verify that the system is working correctly. It can be found in the Program Menu. 

  • When the cmd prompt is opened, write the following command using your configured values: 
    tactest –s server ip  -k mykey -u myuser -p mypassword 
    where 

    server ip: IP of the computer where the server runs 

    mykey: Shared Key 

    myuser: Username 

    mypassword: Password 

     

    For this example: 

    tactest –s 192.168.127.1 -k 1234567890 -u admin -p gabrieltest 

  • If the server is working fine, the following result appears under SUMMARY STATISTICS. Now the server is ready to be used in connection with the NPort. 
    Note: If the server has any problem to start please verify that the computer, where the server runs, is using the port 49 used for the TACACS service (command netstat –a  to check used ports).