This article describes how to configure TACACS+ based User Authentication for Versa Director.


Please refer to the reference deployment diagram here.


Prerequisites:

  1. Versa Director is installed and at least one Parent organization is created
  2. A TACACS+ server is also installed. We have installed tac_plus server version F4.0.4.26 on Ubuntu 14.04
  3. Versa Director and the TACACS+ server have reachability between them
  4. The TACACS+ server is listening on the standard port on 10.192.78.151 in the management segment (eth0)

Step 1: Add Versa-specific configuration to TACACS+

  1. Open the TACACS+ configuration file with sudo: "sudo vi /etc/tacacs/tac_plus.conf"
  2. Configure the key (this key will be used on the connector defined on Versa Director)
  3. Add Versa-specific configuration, such as groups and their associated users, to this configuration file

We have added the groups "ProviderDataCenterAdminGroup" and "TenantDashboardOperator" with cleartext passwords, and we have defined the service "test", in which we set the values of the attributes Versa-Role and Versa-GUI-Idle-TimeOut.

  4. Define user "Tom" as a member of "ProviderDataCenterAdminGroup" and user "Alex" as a member of "TenantDashboardOperator"
  5. For the configuration to take effect, we must stop and start the tacacs service.
    To stop the tacacs service, use the following command:
    sudo /etc/init.d/tac_plus stop

    To start the tacacs service, use the following command:
    sudo /etc/init.d/tac_plus start
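
A sanity check to run before restarting the service, written as an added example that is not part of the original article or Versa's own tooling. It embeds a constructed tac_plus.conf in the layout Step 1 describes and flags a missing key, groups without Versa-Role, users pointing at undefined groups, and cleartext passwords. The function names sample_conf and check_conf are hypothetical, and every key, password, role and timeout value is a placeholder.

```shell
#!/bin/sh
# Added example. Every key, password and attribute value is a constructed placeholder.
sample_conf() {
cat <<'EOF'
key = "PLACEHOLDER-SHARED-KEY"
group = ProviderDataCenterAdminGroup {
    login = cleartext "PLACEHOLDER-PASSWORD-1"
    service = test {
        Versa-Role = PLACEHOLDER-PROVIDER-ROLE
        Versa-GUI-Idle-TimeOut = 15
    }
}
group = TenantDashboardOperator {
    login = cleartext "PLACEHOLDER-PASSWORD-2"
    service = test {
        Versa-Role = PLACEHOLDER-TENANT-ROLE
        Versa-GUI-Idle-TimeOut = 15
    }
}
user = Tom {
    member = ProviderDataCenterAdminGroup
}
user = Alex {
    member = TenantDashboardOperator
}
EOF
}

# Reads a tac_plus.conf on stdin and prints one finding per line (nothing if clean).
check_conf() {
    awk '
    /^[ \t]*#/ { next }                                   # skip comment lines
    $1 == "key"   && $2 == "=" { key = 1 }
    $1 == "group" && $2 == "=" { g = $3; u = ""; groups[g] = 1; scope = "group " g }
    $1 == "user"  && $2 == "=" { u = $3; g = ""; users[u] = 1;  scope = "user " u }
    $1 == "Versa-Role" && g != "" { role[g] = 1 }
    $1 == "member"     && u != "" { member[u] = $3 }
    $1 == "login" && $3 == "cleartext" { print "WARN: cleartext password in " scope }
    END {
        if (!key) print "ERROR: no shared key defined"
        for (x in groups) if (!(x in role)) print "ERROR: group " x " sets no Versa-Role"
        for (x in users) {
            if (!(x in member)) print "ERROR: user " x " has no group membership"
            else if (!(member[x] in groups))
                print "ERROR: user " x " is a member of undefined group " member[x]
        }
    }'
}

# Usage against the live file: sudo cat /etc/tacacs/tac_plus.conf | check_conf
sample_conf | check_conf
```

Because the file holds the shared key and cleartext passwords, restrict read access on it to the account that runs tac_plus.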


 


 


 

Step 2:

Go to Administration > Connectors > Authentication and click the + button.

Select Tacacs.

IP address: IP address of the TACACS+ server

Port: 49 (default port of the TACACS+ server)

SecretString: the same key configured in Step 1

Step 3:

Go to Administration > Organization and select the Parent Org.

Add the Tacacs connector, which was created in Step 1.

Step 4: Log in to Versa Director with users created on the TACACS+ server

We can log in to the Versa Director Web UI as the user "Tom", a member of "ProviderDataCenterAdminGroup".

The username in this case is Tom@System, and the password is the one we defined in the TACACS+ server configuration file.

It is important to note that Provider users must use the format username@System.

For organizational users, the format is username@Org-name. We can log in to the Versa Director Web UI as the user "Alex", a member of "TenantDashboardOperator".

The username in this case is Alex@Tenant1 (here Tenant1 is the tenant organization name), and the password is the one we defined in the TACACS+ server configuration file.