This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Just been trying to set-up an ACE4700 to Auth to ACS Release 4.2(0) Build 124 Patch 9.
Issues i have are...
Seems that this bug is effecting my Authenicating with SSH
The only way i can get an account to work is if i Telnet before i SSH to the ACE device? ANy help would be great as the ACE links stright into to a Firewall hence i'm gona find this hard to do for 40 odd users....
Also why does the CONF T only work if i use the following in the user account setup and not in the group. This will be a huge pain as i will have to amend all the accounts by hand one by one!????
Many thanks in advance!
Regarding your ACS question, the presence of any user specific attributes will make ACS ignore any group level attributes for that user. There is no way to combine attributes at both user and group levels.
Regarding bug CSCsu36078, what firmware version are you running on your ACE?
loader: Version 0.95.1
system: Version A3(2.0) [build 3.0(0)A3(2.0) adbuild_17:35:22-2008/10/01_/a
system image file: (hd0,1)/c4710ace-mz.A3_2_0.bin
Device Manager version 1.1 (0) 20080805:0415
Regarding the groups - i have tested with this AV pair thing in either the group or user separately and it only works in user accounts - any chance of a way to get the group to work??
PS many thanks for a quick response!
Are there any AV pairs defined for the user with which you are testing? If so, none of the group level AV pairs will be in effect.
I have added them in twice while i was testing - i.e. 1st tried the group - this did not work, 2nd tried the user this worked. I did remove teh AV -pairs from each area before i continued.
I understand, but besides the AV pairs for the ACE role, do you have any other AV pairs assigned to this user?
You will then want to set the log level detail on ACS to full, reproduce the problem, and look at the auth.log and RDS.log files.