cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1331
Views
11
Helpful
2
Replies

ISE TACACS - compound A/V pair

tgraham
Level 1
Level 1

We are migrating device administration via TACACS from ACS to ISE.  I am having a problem with a Riverbed appliance.  We wish to have to have users logging via TACAS to have "system administrator" privilege. The vendor documentation gives the following:

user = tacplus {

login = cleartext "tacplus"

service = system {

riverbed-roles-list = "System Administrator"

}

}

I was able to use the following to achieve the privilege elevation in ACS:

service = system

riverbed-roles-list = System Administrator

In ISE I set up the profile:

service = system

riverbed-roles-list = System Administrator

With this I get the appliance says "Invalid Credentials"

Response  {Authen-Reply-Status=Pass; }

So I assume I need quotes:

service = system

riverbed-roles-list = "System Administrator"

With this my login is successful but my privileges are not elevated.

The ISE says:

{Author-Reply-Status=PassAdd; AVPair=riverbed-roles-list = "System Administrator"; AVPair=service = system; }

I also tried 'System Administrator' (single quotes) and get the same "Invalid Credentials" Response  {Authen-Reply-Status=Pass; } as I did with no quotes.

It was simple to implement with the ACS - does anyone have advice as to what needs to be done to get this done in ISE?

Thanks.

1 Accepted Solution

Accepted Solutions

I solved it!

I am leaving the answer to share with others.

Lesson learned - take out the spaces/punctuation.

Correct syntax:

service=system

riverbed-roles-list=System Administrator

View solution in original post

2 Replies 2

tgraham
Level 1
Level 1

To be specific the ACS configuration looks like

Attribute                  Requirement       Value

riverbed-roles-list   Manadatory          System Administator

service                   Mandatory             system

I solved it!

I am leaving the answer to share with others.

Lesson learned - take out the spaces/punctuation.

Correct syntax:

service=system

riverbed-roles-list=System Administrator

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: