08-21-2010 06:16 AM
I am working on setting up RBAC on my ACE device. To give a user a specific role, one uses the Custom attribute "shell:<Context>*<Role> <Domain>".
The command works if I define it directly on the user, in addition using the Custom attribute directly. By that I mean not using a TACACS+ (Cisco IOS) -> "New Service" attached to the user.
Has anyone gotten this to work either with (optional) or a "TACACS+ (Cisco IOS)-service"? The same goes for both appliance and module.
Also, I am looking to get this working on a group, not only on a user.
Thanks in advance for any help!
12-08-2010 04:52 PM
12-09-2010 12:08 AM
Hi Christopher, and thanks for the response!
I have already tried as you asked and do manage to log in with the correct role using the Custom Attribute directly on the user. The problems I am facing are generally two:
regards,
Ole M. Steinkjer
12-09-2010 12:33 PM
Using "*" in the custom attribute means that the device receiving those details should ignore it if it does not understand the input. "=" forces the device to parse the input whether it understands it or not. We only support specific products, so I can say for our other Content devices, "*" works just fine. It "should" work with other Cisco devices assuming you don't hit bugs on those devices.
For the group, I have had it work in the past, but I will check again in my lab and get back to you with the settings/version information!
Regards,
Chris Higgins
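The following is an added example, not part of either poster's reply and not Cisco code: it parses the `shell:<Context>*<Role> <Domain>` attribute discussed in this thread and models how a receiving device treats the `*` (optional) and `=` (mandatory) separators under the generic TACACS+ convention. The `authorize` function, the notion of "understood" (context and role both known to the device) and all sample names are assumptions, not the ACE's actual logic.

```python
import re
from typing import Iterable, NamedTuple, Optional

class ShellAttr(NamedTuple):
    context: str
    mandatory: bool  # True when the separator is "=", False when it is "*"
    role: str
    domain: str

# shell:<Context><sep><Role> <Domain>, with <sep> either "=" or "*"
_ATTR = re.compile(r"shell:([^=*\s]+)([=*])(\S+)\s+(\S+)")

def parse_shell_attr(raw: str) -> ShellAttr:
    m = _ATTR.fullmatch(raw.strip())
    if m is None:
        raise ValueError(f"not a shell:<Context>*<Role> <Domain> attribute: {raw!r}")
    context, sep, role, domain = m.groups()
    return ShellAttr(context, sep == "=", role, domain)

def authorize(raw_attrs: Iterable[str], contexts: set, roles: set) -> Optional[ShellAttr]:
    """Model of a receiving device (assumption, not the ACE's actual logic).

    Returns the first attribute the device understands, None if there is
    none, and raises PermissionError when a mandatory ("=") attribute is
    not understood, the generic TACACS+ handling of mandatory arguments.
    """
    granted = None
    for raw in raw_attrs:
        attr = parse_shell_attr(raw)
        understood = attr.context in contexts and attr.role in roles
        if understood:
            granted = granted or attr
        elif attr.mandatory:
            raise PermissionError(f"mandatory attribute not understood: {raw!r}")
        # Optional ("*") and not understood: silently ignored.
    return granted

# Constructed sample values, not taken from the thread.
CONTEXTS = {"Admin", "C1"}
ROLES = {"Admin", "Network-Monitor"}
SAMPLE = ["shell:C9*Admin default-domain", "shell:C1*Network-Monitor default-domain"]

if __name__ == "__main__":
    print(authorize(SAMPLE, CONTEXTS, ROLES))
```

Running a candidate attribute list through a check like this before assigning it to a user or group shows which entries a given device would silently drop and which would fail the login outright.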