https://community.cisco.com/t5/network-access-control/acs-device-authorization-failure/m-p/975832#M390223 <P>Good Afternoon:</P><P>I hoping someone can help me out... I have an ACS configured with a group that is setup for admins. This group is mapped to an AD group. This is setup correctly. On each network device are the commands:</P><P></P><P>aaa authorization exec default group tacacs+ if-authenticated</P><P></P><P>I can create a local user and place them into the aformentioned group and the TACACs authentication and authorization work fine. However, I cannot use that same local group mapped to a AD group and a user in that group. It passes authentication but I get an authorization failure in my logs (ACS) and a authorization failed message on the device.</P><P></P><P>Any ideas?</P><P></P><P>Thanks!</P> Sun, 10 Mar 2019 22:56:58 GMT svanhandel 2019-03-10T22:56:58Z https://community.cisco.com/t5/network-access-control/acs-device-authorization-failure/m-p/975832#M390223 <P>Good Afternoon:</P><P>I hoping someone can help me out... I have an ACS configured with a group that is setup for admins. This group is mapped to an AD group. This is setup correctly. On each network device are the commands:</P><P></P><P>aaa authorization exec default group tacacs+ if-authenticated</P><P></P><P>I can create a local user and place them into the aformentioned group and the TACACs authentication and authorization work fine. However, I cannot use that same local group mapped to a AD group and a user in that group. It passes authentication but I get an authorization failure in my logs (ACS) and a authorization failed message on the device.</P><P></P><P>Any ideas?</P><P></P><P>Thanks!</P> Sun, 10 Mar 2019 22:56:58 GMT https://community.cisco.com/t5/network-access-control/acs-device-authorization-failure/m-p/975832#M390223 svanhandel 2019-03-10T22:56:58Z https://community.cisco.com/t5/network-access-control/acs-device-authorization-failure/m-p/975833#M390225 <HTML><HEAD></HEAD><BODY><P>ACS has extensive logging capabilities that allow an administrator to troubleshoot any issue pertaining to the ACS server itself (for example, replication) or an AAA request problem (for example, an authentication problem) from NAS. </P><P></P><P>Refer the following url for more info on troubleshooting ACS:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_Trble.html" target="_blank">http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_Trble.html</A></P></BODY></HTML> Mon, 07 Jul 2008 16:42:06 GMT https://community.cisco.com/t5/network-access-control/acs-device-authorization-failure/m-p/975833#M390225 hadbou 2008-07-07T16:42:06Z