I have a Cisco ISE 2.7 server acting as a TACACS provider for an ACI fabric. Correctly entered APIC (4.2) logins work and are logged in the ISE TACACS live log. Incorrectly entered APIC logins fail but are not logged in the ISE TACACS live log. Need failures to log for compliance.
Additionally, the new identity screen contains a selectable option to required a password change from the new user at first login. With this selection made, the login for the new user fails on the APIC. Bug?