Defining a server-side TACACS+ group

A TACACS+ group or role can contain the same attributes as user accounts. By inference, all the attributes of a group can be assigned to any user to whom the group is assigned. The TACACS+ group, while functionally similar to the Extreme role concept, has no relation with the value of the "brcd-role" attribute.

The following example defines a TACACS+ group.

group = admin {
# group admin has a cleartext password which all members share
# unless they have their own password defined
chap = cleartext "my$parent$chap$password"
}

The following example assigns the user "Extreme" with the group "admin".

user = Extreme {
member = admin
pap = cleartext "pap password"
}