Mapping roles to authorization attributes
Users who do not have a NetProfiler account must have both their authentication information (login name, password) and their authorization information specified on the TACACS+ server. The NetProfiler user roles must be mapped to their corresponding TACACS+ authorization attributes. more
Ensure that you know the authorization attributes the TACACS+ administrator is using and what values are assigned to them. The values on the TACACS+ server and the values on NetProfiler must match for the user to be logged on.
To map the NetProfiler user roles to TACACS+ authorization attributes:
-
Click Edit in the Roles-Attributes Mapping section of the TACACS+ tab of the Administration > Account Management > Remote Authentication page.
-
For the first NetProfiler user role, click Add new attribute to display an edit box.
-
Enter the TACACS+ authorization attribute.
-
Enter the value that is required for a TACACS+ authorized user to be logged on with this user role. This attribute/value pair must be defined on the TACACS+ server under the service that is specified on the NetProfiler Global TACACS+ Settings page. more
-
If applicable, click Add new attribute to add another mapping.
-
Continue with the next NetProfiler user role that is to be authorized by TACACS+.
-
For a Restricted role, specify the attribute/value pair necessary for limiting data resolution to automatic and specify the traffic filter attribute. more
-
When the NetProfiler user roles and permissions have been mapped to their corresponding TACACS+ authorization attributes and values, click Save.
-
If desired, click Test User to open a page on which you can specify a user name and password to be tested. When you click Run on this page, NetProfiler attempts to log the user in using TACACS+ authentication and reports the test results.