From 6f8c3035102342d2fca7d7109b35954b7a9c5124 Mon Sep 17 00:00:00 2001 From: aslanvyos <126803786+aslanvyos@users.noreply.github.com> Date: Fri, 22 Sep 2023 16:33:23 +0400 Subject: Update login.rst RADIUS and TACACS configuration examples were added. Also mentioned if there is no connection between VyOS and RADIUS/TACACS servers users need to use local accounts for authentication. --- docs/configuration/system/login.rst | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'docs') diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index bb7bdc86..0cbcecde 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst @@ -275,6 +275,22 @@ Configuration Source all connections to the RADIUS servers from given VRF ``. +Configuration Example +--------------------- + +.. code-block:: none + + set system login radius server 192.168.0.2 key 'test-vyos' + set system login radius server 192.168.0.2 port '1812' + set system login radius server 192.168.0.2 timeout '5' + set system login radius source-address '192.168.0.1' + + + If there is no communication between VyOS and RADIUS server users can + authenticate from local user accounts. During authentication from the local + accounts users can observe some timeouts. Timeout in seconds depends on + the configured timeout option. + .. hint:: If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users. @@ -328,6 +344,18 @@ Configuration Source all connections to the TACACS servers from given VRF ``. +Configuration Example +--------------------- + +.. code-block:: none + + set system login tacacs server 192.168.0.2 key 'test-vyos' + set system login tacacs server 192.168.0.2 port '49' + set system login tacacs source-address '192.168.0.1' + + + If there is no communication between VyOS and TACACS server users can + authenticate from local user accounts. Login Banner ============ -- cgit v1.2.3