07-11-2007 11:39 AM
Hi there,
I have a little problem with TACACS+ and the ACE module.
I have configured AAA authentication with TACACS. The authentication with the ACS works fine. But when I am logged in on the ACE module, I can't work with the command configure... When I looked at the user information I see that I am logged in with the role "Network-Monitoring".
How can I map a user from the ACS (TACACS) to the role admin?
Do I have to do some configuration on the ACS or on the module?
On CCO I found nothing about mapping. Only something with LDAP (is this eventually the solution?)
Thanks a lot for answers and best regards.
Dirk
07-11-2007 12:04 PM
You have to submit the role during authentication and authorization. The info you are looking for is in the security guide. Check the following link which explains your issue very well.
[quote]
The user profile attribute serves an important configuration function for a TACACS+ server group. If the user profile attribute is not obtained from the server during authentication, or if the profile is obtained from the server but the context name(s) in the profile do not match the context in which the user is trying to log in, the default role (Network-Monitor) and default domain (default-domain) will be assigned to the user provided the authentication is successful.
[quote end]
Hope that helps...
Roble
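The fallback rule in the quoted guide text, modelled as an added example that is not part of the original thread or of Cisco's documentation. It assumes the profile attribute has the form `shell:<context>=<role> <domain> ...` and that context names are compared exactly; the function names and sample users are hypothetical.

```python
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

DEFAULT_ROLE = "Network-Monitor"      # defaults named in the quoted guide text
DEFAULT_DOMAIN = "default-domain"

class Assignment(NamedTuple):
    role: str
    domains: Tuple[str, ...]
    reason: str

def parse_profile(attr: str) -> Optional[Tuple[str, str, Tuple[str, ...]]]:
    """Split 'shell:<context>=<role> <domain> ...' (assumed attribute syntax)."""
    prefix, _, rest = attr.strip().partition(":")
    context, sep, value = rest.partition("=")
    fields = value.split()
    if prefix != "shell" or not sep or not context.strip() or not fields:
        return None                   # malformed: treated as no usable profile
    return context.strip(), fields[0], tuple(fields[1:])

def resolve(attrs: Iterable[str], login_context: str) -> Assignment:
    """Role and domains a successfully authenticated user ends up with."""
    parsed = [p for p in map(parse_profile, attrs) if p]
    if not parsed:
        return Assignment(DEFAULT_ROLE, (DEFAULT_DOMAIN,), "no profile attribute")
    for context, role, domains in parsed:
        if context == login_context:  # exact comparison is an assumption
            return Assignment(role, domains, "profile matched")
    return Assignment(DEFAULT_ROLE, (DEFAULT_DOMAIN,), "context mismatch")

def fallback_users(profiles: Dict[str, List[str]], login_context: str) -> List[str]:
    """Users who would silently land in the default role for this context."""
    return sorted(user for user, attrs in profiles.items()
                  if resolve(attrs, login_context).reason != "profile matched")

# Constructed sample data: attributes an AAA server might return per user.
SAMPLE = {
    "dirk": [],                                    # nothing returned
    "roble": ["shell:Admin=Admin default-domain"], # matches context "Admin"
    "ops": ["shell:C1=Admin default-domain"],      # profile for another context
}

if __name__ == "__main__":
    for user, attrs in SAMPLE.items():
        print(user, resolve(attrs, "Admin"))
    print("fall back to default role:", fallback_users(SAMPLE, "Admin"))
```

Running such a check over exported user profiles before a rollout shows which accounts will authenticate successfully but still receive only the default role.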
07-11-2007 11:03 PM
Hi Roble,
Thanks a lot. That is what I was looking for...
Everything works fine now.
Best regards.
Dirk