https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606793#M32697 <HTML><HEAD></HEAD><BODY><P>Hi Parvees,</P><P></P><P>I also encounterd this when when configuring multiple contexts via ACS.</P><P>The solution is to use an asterik in the syntax after the context.</P><P>Without it you will receive network admin permissions as you have described below.</P><P></P><P>For example:</P><P></P><P>shell:Admin*Admin default-domain <BR />shell:Web*Admin default-domain<BR />shell:Parties*Admin default-domain</P><P></P><P>Hope this solves your problem.</P><P></P><P>Jack.</P></BODY></HTML> Tue, 29 Mar 2011 11:45:58 GMT jackwikinski 2011-03-29T11:45:58Z https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606790#M32694 <P>Hello All,</P><P></P><P>I have configured four context in ACE module.</P><P></P><P>I am trying to authenticate individual context through ACS.</P><P></P><P>Admin context authentication is working perfectly fine , and it is assigning the role of Admin for all the ACS users.</P><P></P><P>But when i am trying to authenticate other context , authentication part is working fine. but the user is not able to do any action other than show commands.</P><P></P><P>when i checked the user-account ( show user-account), it is given the role of Network-Admin .</P><P></P><P>Admin Context Output:</P><P>---------------------------------</P><P></P><P></P><P>user:parvees.m</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; roles: Admin </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; domain: default-domain </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Context: Admin</P><P></P><P></P><P>Context ABC output</P><P>-----------------------------</P><P></P><P>user:parvees.m</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; roles: Network-Admin</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; domain: default-domain </P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Context: ABC</P><P></P><P></P><P>Any help is highly appreciated.</P><P></P><P>regards,</P><P>Parvees M</P> Mon, 28 Mar 2011 10:26:13 GMT https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606790#M32694 parveesm123 2011-03-28T10:26:13Z https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606791#M32695 <HTML><HEAD></HEAD><BODY><P>Hello Parvees,</P><P></P><P>What value did you set to shell attrribute on your ACS? It should be like:<SPAN class="content"></SPAN></P><P></P><P><SPAN class="content">shell:</SPAN>ABC<SPAN class="content">=Admin</SPAN></P><P></P><P>If you take a capture (wireshark with your tacas secret), do you see this attribute-value being sent?</P><P></P><P>Thanks,</P><P></P><P>Olivier</P></BODY></HTML> Mon, 28 Mar 2011 12:26:26 GMT https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606791#M32695 ohynderi 2011-03-28T12:26:26Z https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606792#M32696 <HTML><HEAD></HEAD><BODY><P>Hi Oliver,</P><P></P><P>ACS shell following command has been added and it worked for me</P><P></P><P>shell:ABC ="Admin default-domain"</P><P></P><P>this has been repeated for all the domains... and it worked fine</P><P></P><P>regards,</P><P></P><P>Parvees</P></BODY></HTML> Mon, 28 Mar 2011 13:34:39 GMT https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606792#M32696 parveesm123 2011-03-28T13:34:39Z https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606793#M32697 <HTML><HEAD></HEAD><BODY><P>Hi Parvees,</P><P></P><P>I also encounterd this when when configuring multiple contexts via ACS.</P><P>The solution is to use an asterik in the syntax after the context.</P><P>Without it you will receive network admin permissions as you have described below.</P><P></P><P>For example:</P><P></P><P>shell:Admin*Admin default-domain <BR />shell:Web*Admin default-domain<BR />shell:Parties*Admin default-domain</P><P></P><P>Hope this solves your problem.</P><P></P><P>Jack.</P></BODY></HTML> Tue, 29 Mar 2011 11:45:58 GMT https://community.cisco.com/t5/application-networking/ace-virtual-context-tacacs-authentication-issue/m-p/1606793#M32697 jackwikinski 2011-03-29T11:45:58Z