2.4.6.1.1 Creating TACACS+ Managed Users (Optional)

The configure command supports the creation of TACACS (Terminal Access Controller Access-Control System Plus) managed users on DSR servers. Add -u, -g, and -G when running the command to create users immediately and assign them to the specified primary and secondary groups.

The -u flag supports multiple users in a comma-separated format.

The -g flag provides the primary group for the specified users, and if not provided, admgrp is set as the default primary group.

The -G flag supports adding users to secondary groups, allowing a user to be part of multiple groups. Run the following command:

/usr/TKLC/appworks/bin/tacacsCliAuthentication.sh configure -s <TACACS_SERVER_IP> -k <SHARED_SECRET> -p <PROTOCOL> -S <SERVICE> [-t <TIMEOUT>] 
         -u <USER_1>[,<USER_2>] -g <PRIMARY_GROUP> -G <SECONDARY_GROUP_1>[,<SECONDARY_GROUP_2>]

The configure command also supports the --hostnames flag, which allows TACACS+ configuration to be applied selectively on specified servers of a topology. For more information on --hostnames flag see Targeting Specific Servers.

To verify user creation on the DSR system, run the following command by replacing <TACACS_USER> with the username provided in the -u flag of the configure command:

id <TACACS_USER>