Steps
13005 Received TACACS+ Authorization Request - administrator
15049 Evaluating Policy Group - dotcomlab.net
15008 Evaluating Service Selection Policy - administrator
15048 Queried PIP - dotcomlab.net
15041 Evaluating Identity Policy - administrator
15013 Selected Identity Source - administrator
24432 Looking up user in Active Directory - administrator
24325 Resolving identity - huanggq
24313 Search for matching accounts at join point - dotcomlab.net
24319 Single matching account found in forest - dotcomlab.net
24323 Identity resolution detected single matching account
24355 LDAP fetch succeeded - dotcomlab.net
24420 User's Attributes retrieval from Active Directory succeeded - administrator
24100 Some of the expected attributes are not found on the subject record. The default values, if configured, will be used for these attributes - administrator
22037 Authentication Passed
15036 Evaluating Authorization Policy
24432 Looking up user in Active Directory
24355 LDAP fetch succeeded
24416 User's Groups retrieval from Active Directory succeeded
24355 LDAP fetch succeeded
24420 User's Attributes retrieval from Active Directory succeeded
24100 Some of the expected attributes are not found on the subject record. The default values, if configured, will be used for these attributes
15048 Queried PIP - administrator.ExternalGroups
15017 Selected Shell Profile
22081 Max sessions policy passed
22080 New accounting session created in Session cache
13034 Returned TACACS+ Authorization Reply
已解决! 转到解答。
ISE的log看起来没有什么明显的错误,你可以在设备上debug检查下tacacs的信息吧,看看是否有什么异常,另外ISE方面tacacs的Live logs可以直接看到是否成功。
Operations > TACACS > Live Logs