Configure TACACS using CLI

Only users with the role SecurityAdmin or SystemAdmin can perform this task.

Note

Note

For details about the command and its parameters, see the ExtremeCloud Orchestrator Command Reference, 3.2.0 .
  1. Run the following command:
    efa auth tacacsconfig add -–host 10.24.15.200 -–port 49 --secret sharedsecret --protocol CHAP

    The command validates the attributes. If the validation is successful, the attributes are saved in the database. These details are used to validate user credentials and fetch the user role during token generation.

  2. Run the following role mapping command to map TACACS server roles with the XCO roles:
    efa auth tacacsconfig rolemapping add -–host 10.24.15.200 --tacacsRole=tacAdmin --xcoRole SystemAdmin

    The rolemapping command validates whether or not the host is already configured in XCO. If yes, then the command maps the TACACS role with the XCO supported role. Similarly, the deletion of the host from TACACS config also deletes the TACACS roles of the host already configured using role mapping.

    Example:

    efa auth tacacsconfig rolemapping add --xcoRole=SystemAdmin --tacacsRole=admin --host=10.37.135.12
    Successfully added the tacacs configuration.
    
    +--------------+-------------+-------------+----------------------------+
    | Host         | TACACS Role | XCO Role    | Description of XCO Role    |
    +--------------+-------------+-------------+----------------------------+
    | 10.37.135.12 | admin       | SystemAdmin | Complete privileges to all |
    |              |             |             | operations in the system   |
    +--------------+-------------+-------------+----------------------------+
    
    efa auth tacacsconfig rolemapping show
    +--------------+-------------+-------------+----------------------------+
    | Host         | TACACS Role | XCO Role    | Description of XCO Role    |
    +--------------+-------------+-------------+----------------------------+
    | 10.37.135.12 | admin       | SystemAdmin | Complete privileges to all |
    |              |             |             | operations in the system   |
    +--------------+-------------+-------------+----------------------------+
  3. Run the following command to reset LDAP configuration:
    efa auth ldapconfig reset --name kvm12.com --group-attribute --group-member-mappingattribute
    Reset LDAP configuration is successful
    efa auth ldapconfig reset --name kvm12.com --user-member-attribute
    Reset LDAP configuration is successful