Jump to content
Welcome to our new Citrix community!

need help with configuration of TACACS on VPX

Recommended Posts

we have LDAP already configured for authentication on VPX.


it is required to add TACACS server as secondry (backup)  for authentication, when LDAP is not working.


i had successfully added the tacacs server and made the policy and have globally bounded it.


Please suggest, how can i check that the TACACS is working fine or not, as i am able to successfully login but not sure from where i have been authenticated.


is there anyway that i can just disable LDAP (not removing the configuration) and try login to chek if tacacs is working.

Link to comment
Share on other sites

Are you using TACACS+ for system admin access only or on a vpnvserver (user entrypoint).

Ideally you would test this policy on a test system to avoid changing any production settings.  Then you could test tacacs in isolation.


If you want to test your tacacs policy without impacting your current system settings:

1) you could spin up an authentication vserver or a vpn vserver to test the tacacs policy on its own (be careful of the vpn vserver that you aren't passing unnecessary traffic).

Bind the policy to the authentication vserver or the vpn vserver and test the authentication behavior there.  Use an authentication vserver if using the advanced engine.


2) If you are only using tacacs on the system access, then you could change the policy priority to make tacacs process first, then ldap second to see if tacacs works.  tacacs at priority 10 and ldap and priority 100 would make tacacs first.  But I would be careful here.


To see which authentication method you used, view the aaad.debug info:


cd /tmp

cat aaad.debug

(this is a named pipe and you can view external authentication events here).



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...