It's been a while since I've played with Huawei switches, but the last time I did, the switch had to be set up to play nice, and the TACACS privilege had to be set to 1.
Below is what I did; test it on a lab switch to make sure you don't get locked out.
--- On the switch ---
Go into system-view
Add users:
ssh user testadmin authentication-type password
ssh user testadmin service-type stelnet
Set authentication scheme:
hwtacacs scheme hwtac
primary authorization 1.2.3.4 49
primary accounting 1.2.3.4 49
primary authentication 1.2.3.4 49
key authentication magicKey
key authorization magicKey
key accounting magicKey
user-name-format without-domain
quit
Set the default scheme:
domain hwtac
scheme hwtacacs-scheme hwtac
domain default enable hwtac
--- On the TACACS server, the stanza looked like this ---
service = h3c_shell {
    default cmd = permit
    default command = permit
    default attribute = permit
    set priv-lvl = 1
}
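
A pre-flight check for the lockout risk mentioned above, as an added example that is not part of the original post: it reads the switch-side lines and reports any AAA role left without a primary server or key, and any domain that points at an undefined scheme. The function name lint is hypothetical, and it only understands the command forms that appear in the post.

```python
import re

ROLES = ("authentication", "authorization", "accounting")

# Constructed input: the switch-side lines from the post, unchanged.
POSTED = """\
hwtacacs scheme hwtac
primary authorization 1.2.3.4 49
primary accounting 1.2.3.4 49
primary authentication 1.2.3.4 49
key authentication magicKey
key authorization magicKey
key accounting magicKey
user-name-format without-domain
quit
domain hwtac
scheme hwtacacs-scheme hwtac
domain default enable hwtac
"""

def lint(config):
    """Return a list of gaps that could break remote logins (assumed syntax)."""
    schemes, domains, default, ctx = {}, {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"hwtacacs scheme (\S+)", line):
            ctx = schemes.setdefault(m[1], {"primary": set(), "key": set()})
        elif m := re.fullmatch(r"domain default enable (\S+)", line):
            default = m[1]
        elif m := re.fullmatch(r"domain (\S+)", line):
            ctx = m[1]                      # now inside this domain's view
            domains.setdefault(ctx, None)
        elif line == "quit":
            ctx = None
        elif isinstance(ctx, dict) and (m := re.match(r"(primary|key) (\w+) \S+", line)):
            ctx[m[1]].add(m[2])             # record which role has a server / key
        elif isinstance(ctx, str) and (m := re.fullmatch(r"scheme hwtacacs-scheme (\S+)", line)):
            domains[ctx] = m[1]
    problems = [f"scheme {name}: no {kind} {role}"
                for name, s in schemes.items() for kind in ("primary", "key")
                for role in ROLES if role not in s[kind]]
    for name, ref in domains.items():
        if ref not in schemes:
            problems.append(f"domain {name}: scheme {ref} not defined")
    if default is not None and default not in domains:
        problems.append(f"default domain {default} not defined")
    return problems

if __name__ == "__main__":
    print(lint(POSTED) or "no gaps found")
```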