11-13-2012 12:08 PM - edited 03-10-2019 07:46 PM
I want to have a local user in ACS that is permitted to login to routers. I have TACACS with AD already working but cannot get a local user to work. I used to do this in ACS 4.x.
I cannot find a config example doc and cannot figure it out from the user guide as the documentation is sorely lacking.
11-13-2012 12:32 PM
Hi Vin,
What's happening in your scenario is that you have your Access Policy/Identity using only AD1; this will force the ACS to check only in the Active Directory database.
If you want to use both databases, you need to create an Identity Store Sequence. This is done under "Users and Identity Stores/External Identity Stores/Identity Store Sequences".
In this section you need to define both databases like the example below:
Then you need to use this option under Identity. Check below:
Let me know if it helps.
11-13-2012 12:50 PM
That did not seem to work. Here's what I have.
11-13-2012 12:52 PM
Oh and here's the error I'm getting.
11-13-2012 12:55 PM
Ok... it seems to be working now. I set the identity source to "internal users" then back to "TACACS+ search sequence" and now it's working.
Thanks!
11-13-2012 12:59 PM
Glad to know it's working now. Usually we use Internal Users first as the ACS database is smaller than the Active Directory.
Rate if it helps.