Authentication with Auth-Service and TACACS+

1min

In previous versions, the TACACS+ service was used for authentication. Version 2.20 now includes the Authentication service (Auth-Service), enabling authentication with either TACACS+ or Auth-service. To do so, configure TACACS+ or Auth-Service for authentication in Tomcat or the proxies’ config files. There is no relation between these two services, and they work separately.
If a device requires TACACS+ authentication, the LDAP configuration settings on the TACACS+ Management page must be adjusted. TACACS+ does not refer to LDAP configurations on the LDAP Manager page, whereas Auth-Service does, meaning that both services go to LDAP for their authentication requests, but the configurations are on different pages.
If the environment is multi-tenant, proxies must use Auth-Service, not TACACS+. If the environment is not multi-tenant, either Auth-Service or TACACS+ can be used.
If the environment has multiple domains, LDAP should be configured accordingly both in the LDAP Manager and on the Tacacs Management page. Both domains should be added separately so that users on different domains can authenticate proxies and web GUI by using the authentication service or Tacacs service.

Quick LDAP/AD Integration

Proxy and GUI Authentication with Auth-Service