Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
286
Views
0
Helpful
4
Replies

ACS 4.2 custom attribute problem

Cisco Freak
Level 4
Level 4

‎12-10-2015 10:58 AM - edited ‎03-10-2019 11:19 PM

Hi,

I am configuring a user account in ACS 4.2. I assigned privilege level 15 and exec access to user and it works.User can get into config mode.

Now I am adding a few custom attribute to that user to enable configuration access to a ace context.

After that the user loses the privilege level 15 and he gets privilege level 1 and the customer attributes takes effect.

Is there anyway I can keep both custom attributes and privilege level 15.

CF

Labels:
0 Helpful
4 Replies 4

Javier Henderson
Level 4
Level 4

‎12-10-2015 11:30 AM

Given the problem description, I suspect the custom attribute/value pairs are configured as mandatory. Since the IOS devices don't know what to do with them, and they are mandatory, authorization will fail, per design.

Try making the custom a/v pairs optional (i.e., use * instead of = when defining them).

0 Helpful

Cisco Freak
Level 4
Level 4
In response to Javier Henderson

‎12-10-2015 12:03 PM

This is how I defined the custom attribute:

shell:Context1*Admin default-domain

There is no = in the definition.

0 Helpful

Cisco Freak
Level 4
Level 4
In response to Cisco Freak

‎12-10-2015 12:22 PM

How do I assign privilege level 15 and exec access through custom attribute?

0 Helpful

Cisco Freak
Level 4
Level 4
In response to Cisco Freak

‎12-14-2015 09:10 AM

Anyone got idea about this problem?

How do I assign privilege level 15 and exec access through custom attribute?

0 Helpful
Customers Also Viewed These Support Documents