Question: How to configure and authenticate Versa Director using TACACS?


Answer:

Configuring External Authentication Connector

Follow these steps to configure the external authentication connectors:

In the Versa Director, select Administration > Connectors > Authentication and click to Add Authentication Connector.

Enter these details and click OK.

Field              Description
Name               Name of the authentication connector.
Server Type        Select one of these servers: LDAP, Radius, TACACS, Active Directory.
IP Address         Specify the IP address of the server.
Port               Specify the port number of the server.
Secret String      Specify the secret string of the server.
Default Connector  Enable the connector as default connector.

Associating Organization with the Default Connector

Follow these steps to associate the organization with the default connector:

  1. Select Versa Director > Administration > Organizations to view the organization list.
  2. Select an entity in the Organization Name column to open the Edit Organization window. Select the server type from the Authentication Connector drop-down menu and click OK.

NOTE: Repeat the steps above to configure LDAP, Radius, and Active Directory.

To complete the integration, you must add Versa-specific configuration to the TACACS+ server. The prerequisite for this configuration is tac_plus server version F4.0.4.26 on Ubuntu 14.04.

Configuring TACACS+ Server

Follow these steps to configure the TACACS+ server:

  1. Log in to the TACACS+ server over SSH.
  2. Run the sudo vi /etc/tacacs/tac_plus.conf shell command to open the TACACS configuration file.
  3. The encryption key defined in the top section must match the encryption key of the connector defined on the Versa Director.
  4. Add a group "ProviderDataCenterAdminGroup" and provide a password in cleartext format.
  5. Create a "test" service and provide the attribute values such as Versa-Role and Versa-GUI-Idle-TimeOut.
  6. Create a user "Alice" to be a member of this group.
  7. Save the changes and exit. You must stop and start the TACACS service for the configuration to take effect.
  8. Run the sudo /etc/init.d/tac_plus stop shell command to stop the TACACS service.
  9. Run the sudo /etc/init.d/tac_plus start shell command to start the TACACS service.
  10. Log in to the Versa Director GUI with the username Alice@System and the password you defined in the TACACS server configuration file.
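
An added example (not from Versa or the tac_plus project): a shell check to run on the TACACS+ server after step 6 and before the restart in steps 7 to 9, covering the items from steps 3 to 6 and the file permissions, since the file holds the shared key and a cleartext password. The config layout in the constructed sample, the REPLACE_* values and the function names are assumptions introduced here.

```shell
# Added example: lint a tac_plus.conf written per steps 3-6 before restarting the service.
# The config layout below is a constructed sample; all REPLACE_* values are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
key = "REPLACE_WITH_CONNECTOR_SECRET"
group = ProviderDataCenterAdminGroup {
    login = cleartext "REPLACE_WITH_PASSWORD"
    service = test {
        Versa-Role = REPLACE_WITH_ROLE
        Versa-GUI-Idle-TimeOut = REPLACE_WITH_TIMEOUT
    }
}
user = Alice {
    member = ProviderDataCenterAdminGroup
}
EOF
}

# Usage: check_tac_plus_conf FILE GROUP USER; returns 0 when every check passes.
check_tac_plus_conf() {
    conf=$1; group=$2; user=$3; rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }
    # The file holds the shared key and a cleartext password: no group/other bits.
    [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $conf is accessible to group/other (chmod 600)"; rc=1; }
    # Step 3: a key line must exist; compare its value with the connector by hand.
    grep -Eq '^[[:space:]]*key[[:space:]]*=[[:space:]]*[^[:space:]]' "$conf" ||
        { echo "FAIL: no encryption key defined"; rc=1; }
    # Step 4: the group is declared (opening brace assumed on the same line).
    grep -Eq "^[[:space:]]*group[[:space:]]*=[[:space:]]*${group}[[:space:]]*[{]" "$conf" ||
        { echo "FAIL: group $group not declared"; rc=1; }
    # Step 5: both Versa attributes are present with a non-empty value.
    for attr in Versa-Role Versa-GUI-Idle-TimeOut; do
        grep -Eq "^[[:space:]]*${attr}[[:space:]]*=[[:space:]]*[^[:space:]]" "$conf" ||
            { echo "FAIL: attribute $attr missing or empty"; rc=1; }
    done
    # Step 6: the user block contains a member line for the group.
    awk -v u="$user" -v g="$group" '
        $1 == "user" && $3 == u { inuser = 1; depth = 0 }
        inuser && $1 == "member" && $3 == g { found = 1 }
        inuser { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}"); if (depth <= 0) inuser = 0 }
        END { exit !found }' "$conf" ||
        { echo "FAIL: user $user is not a member of $group"; rc=1; }
    return $rc
}

tmp=$(mktemp) && write_sample_conf "$tmp" && chmod 600 "$tmp" &&
    check_tac_plus_conf "$tmp" ProviderDataCenterAdminGroup Alice && echo "OK: sample passes"
rm -f "$tmp"
```

The check only confirms that a key line exists; its value still has to be compared by hand with the Secret String of the connector on the Versa Director.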


Check the authentication log on the Director at /var/log/vnms/ncs/vnms-external-auth.log and confirm that the fields below are populated in the response from the ISE/TACACS server. If they are not, check the profile configuration on the ISE end.