08-26-2010 09:42 AM - edited 03-10-2019 05:21 PM
Any guidance on configuring the shell profile for RBAC on ACS5.1 for ACE or Nexus 1000v? I've configured 4.x before with ACE and it works fine, but I can't seem to get it to work right with 5.1. On the Nexus it always logs me in as vdc-operator. On ACS 4.x I had to create the custom shell attribute as below for ACE.
shell:Admin*Admin default-domain
Solved! Go to Solution.
08-26-2010 12:24 PM
Go the shell profile definitions
- Select custom attributes tab
- In data entry field at the bottom enter:
Attribute: shell:Admin
Value: Admin default-domain
Requirement: Optional
Press "Add" to add to list and then "Submit" to save
08-26-2010 12:24 PM
Go the shell profile definitions
- Select custom attributes tab
- In data entry field at the bottom enter:
Attribute: shell:Admin
Value: Admin default-domain
Requirement: Optional
Press "Add" to add to list and then "Submit" to save
08-26-2010 01:35 PM
That worked perfectly for the ACE. I knew it was close, but the context was just different enough from the 4.x that I was guessing wrong. What about for the Nexus roles? It keeps logging me in a vdc-operator. I've tried Attribute role: and Value of network-admin with optional also.
08-26-2010 02:13 PM
Did you have Nexus roles working with ACS 4.2? Do you know what attribute and value needs to be returned?
08-26-2010 05:21 PM
No, this is a new experience for me with the Nexus. The only thing I found was from the Nexus 7k documentation that mentions the role of network-admin must be assigned. I actually wish they would be more specific regarding special configurations for interoperability with ACS.
08-27-2010 06:24 AM
I ended up opening a TAC case and got the proper attributes.
Attribute would be "shell:roles"
Requirement is Optional
Value is "network-admin"
or on ACS4.2 it would be shell:roles*"network-admin"
For any others that might use this info
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide