Hi,
As per the IMC Administration guide, it says "You can configure authentication services through RADIUS or LDAP using the Authentication Server feature found under Operator Management' and does not talk about TACACS. May be you can try with RADIUS.
I am an HPE Employee
Hi Ray,
Were you able to upgrade the IMC and test
I am an HPE Employee
Hello,
The TACACS auth feature for operators should work, have you tried authenticating to TACACS without returning any specific attributes? Keep in mind, the feature does require you to manually create each TACACS user as an operator in IMC that you'd like to allow to login via TACACS.
The "privilege level" that the user gets will thus be determined by you, when you manually create the operator in IMC - with "Authentication Type" set to TACACS and "Operator Group" used to determine what the operator is able to do. The TACACS server will simply handle the verification of credentials here, giving the ACCEPT/REJECT to allow iMC to determine whether the operator is allowed to login in the first place.
Personally I'd suggest using the much more popular LDAP method to an Active Directory server, as this option requires no manual work to create operators. It has the benefit of being able to automatically add a new operator to iMC when that user first logs in - if their AD attributes match what you have defined in the Advanced Settings > Synchronize LDAP Operator. For example, you could allow all members of the "Domain Admins" security group to log into iMC. If the AD Domain Admin didn't already exist as an operator in iMC, it would automatically be created and assigned to iMC's built-in "Administrator" group (or any other - it's really up to how you configure it).
Justin
Working @ HPE
