Configuring the TACACS+ Server
When installed on a server that uses the CentOS operating system, CTPView allows TACACS+-authenticated users to log in through SSH and HTTPS.
Users are authenticated in the following order:
1. By the TACACS+ server
2. By the local user account
You can add the same user to the TACACS+ server and the local CTPView system.
Configuring the TACACS+ Server’s Configuration Files
You can use any TACACS+ server that complies with the TACACS+ RFC "The TACACS+ Protocol" (January 1997). You can download the TACACS+ server that we refer to here (v1.2) from the TACACS.net website at http://tacacs.net/download.asp. This version contains four configuration files. To modify the configuration files, you must log in to the TACACS+ server as an administrator.
Authentication.xml—Modify this file to add a new user on the TACACS+ server. To add a new user, you must add a new user group and the user under the <UserGroups> tag.
<UserGroups>
  <UserGroup>
    <Name>TACACS_User1</Name>
    <AuthenticationType>File</AuthenticationType>
    <Users>
      <User>
        <Name>TACACS_User1</Name>
        <LoginPassword ClearText="PASSWORD" DES=""></LoginPassword>
        <EnablePassword ClearText="" DES=""></EnablePassword>
        <CHAPPassword ClearText="" DES=""></CHAPPassword>
        <OutboundPassword ClearText="" DES=""></OutboundPassword>
      </User>
    </Users>
  </UserGroup>
</UserGroups>
Authorization.xml—Modify this file to define the authorization level for the user. To define authorization levels, you must add the user group that you added in the Authentication.xml file to this file under the <Authorization> tag.
<Authorization>
  <UserGroups>
    <UserGroup>TACACS_User1</UserGroup>
  </UserGroups>
  <Services>
    <Service>
      <Set>service=juniper_ctp_srvc</Set>
      <Set>protocol=unknown</Set>
      <Set>juniper_ctpview_https=1</Set>
    </Service>
  </Services>
</Authorization>
The CTP device uses the juniper_ctp_srvc service to access TACACS+. This service is used only to access TACACS+ and cannot be changed in the Authorization.xml file.
To define the authorization level, you can assign a user to any or all of the following groups:
- CTP Device CLI–SSH
- CTPView CLI–SSH
- CTPView Web–HTTPS
The level of authorization for each user is specified in the <Set> tag under the <Service> tag.
Use the attributes and values shown in Table 1 for HTTPS access to CTPView.
Table 1: Attributes and Values for HTTPS Access

| Attribute | Value |
|---|---|
| Global_Admin | juniper_ctpview_https=1 |
| Net_Admin | juniper_ctpview_https=2 |
| Net_View | juniper_ctpview_https=3 |
| Net_Diag | juniper_ctpview_https=4 |

Use the attributes and values shown in Table 2 for SSH access to CTPView.
Table 2: Attributes and Values for SSH Access to CTPView

| Attribute | Value |
|---|---|
| Web Manager | juniper_ctpview_cli=1 |
| System Admin | juniper_ctpview_cli=2 |
| Auditor | juniper_ctpview_cli=3 |

Use the attributes and values shown in Table 3 for SSH access to CTP devices.
Table 3: Attributes and Values for SSH Access to CTP Devices

| Attribute | Value |
|---|---|
| Read_Only | juniper_ctp_cli=1 |
| Admin | juniper_ctp_cli=2 |
| Privileged_admin | juniper_ctp_cli=3 |
| Auditor | juniper_ctp_cli=4 |

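The following Python audit is an added example, not part of the Juniper or TACACS.net documentation. It reads the two files in the fragment shape shown above and reports the role each user group receives per Tables 1-3, groups that are authorized but not defined in Authentication.xml, attribute values outside the tables, and users with a non-empty ClearText password attribute. The function names, the <Authorizations> wrapper element, the Ops group and the sample XML are assumptions constructed for illustration, and the files are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET
# attribute -> {value: role}, transcribed from Tables 1-3 on this page
ROLES = {
    "juniper_ctpview_https": {"1": "Global_Admin", "2": "Net_Admin", "3": "Net_View", "4": "Net_Diag"},
    "juniper_ctpview_cli": {"1": "Web Manager", "2": "System Admin", "3": "Auditor"},
    "juniper_ctp_cli": {"1": "Read_Only", "2": "Admin", "3": "Privileged_admin", "4": "Auditor"},
}

def defined_groups(auth_xml):
    """Return {group: [users whose password elements carry a non-empty ClearText]}."""
    groups = {}
    for grp in ET.fromstring(auth_xml).iter("UserGroup"):
        groups[(grp.findtext("Name") or "").strip()] = [
            (u.findtext("Name") or "").strip() for u in grp.iter("User")
            if any(el.get("ClearText") for el in u if el.tag.endswith("Password"))]
    return groups

def granted_roles(authz_xml):
    """Return {group: [(attribute, role or None)]} from each <Authorization> block."""
    grants = {}
    for block in ET.fromstring(authz_xml).iter("Authorization"):
        pairs = [(s.text or "").strip().partition("=") for s in block.iter("Set")]
        roles = [(k, ROLES[k].get(v)) for k, _, v in pairs if k in ROLES]
        for grp in block.iter("UserGroup"):
            grants.setdefault((grp.text or "").strip(), []).extend(roles)
    return grants

def audit(auth_xml, authz_xml):
    """List findings worth a reviewer's attention across both files."""
    groups, findings = defined_groups(auth_xml), []
    for grp, users in groups.items():
        findings += [f"cleartext password stored for user {u} (group {grp})" for u in users]
    for grp, roles in granted_roles(authz_xml).items():
        if grp not in groups:
            findings.append(f"{grp} is authorized but not defined in Authentication.xml")
        for attr, role in roles:
            findings.append(f"{grp}: {attr} grants {role}" if role
                            else f"{grp}: {attr} value is outside Tables 1-3")
    return findings

# Constructed sample input; the <Authorizations> wrapper and the Ops group are assumptions.
AUTH = """<UserGroups><UserGroup><Name>TACACS_User1</Name><Users><User><Name>TACACS_User1</Name>
<LoginPassword ClearText="PASSWORD" DES=""/></User></Users></UserGroup></UserGroups>"""
AUTHZ = """<Authorizations><Authorization><UserGroups><UserGroup>TACACS_User1</UserGroup></UserGroups>
<Services><Service><Set>service=juniper_ctp_srvc</Set><Set>juniper_ctpview_https=1</Set></Service></Services>
</Authorization><Authorization><UserGroups><UserGroup>Ops</UserGroup></UserGroups>
<Services><Service><Set>juniper_ctp_cli=9</Set></Service></Services></Authorization></Authorizations>"""
if __name__ == "__main__":
    print("\n".join(audit(AUTH, AUTHZ)))
```
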
On the TACACS+ server, you can also modify these files:
Clients.xml—Modify this file to add the secret key and the domains that can use the TACACS+ server.
Tacplus.xml—Modify this file to add the remote port number and the IPv4 or IPv6 addresses assigned to the TACACS+ server.
<Port>49</Port>
<LocalIP>Write your TACACS+ machine’s IP here</LocalIP>
Modify the parameters specified in Table 4 if required.
Table 4: Attributes for Configuring Tacplus.xml File

| Parameter | Function |
|---|---|
| Port | The default port number is 49. |
| LocalIP | Specify the IP address of the TACACS+ server. You can enter an IPv4 or IPv6 address. Before you enter an IPv6 address, ensure that both the TACACS+ server and the CTPView server or the CTP device support IPv6. |