03-16-2010 09:14 AM - edited 03-10-2019 05:00 PM
All,
Just been trying to set up an ACE4700 to auth to ACS Release 4.2(0) Build 124 Patch 9.
Issues I have are...
Seems that this bug is affecting my authenticating with SSH.
The only way I can get an account to work is if I Telnet before I SSH to the ACE device? Any help would be great, as the ACE links straight into a firewall, hence I'm going to find this hard to do for 40-odd users....
Also, why does the CONF T only work if I use the following in the user account setup and not in the group? This will be a huge pain as I will have to amend all the accounts by hand one by one!????
shell:Admin*Admin default-domain
Many thanks in advance!
03-16-2010 09:18 AM
Regarding your ACS question, the presence of any user specific attributes will make ACS ignore any group level attributes for that user. There is no way to combine attributes at both user and group levels.
Regarding bug CSCsu36078, what firmware version are you running on your ACE?
03-16-2010 09:32 AM
Firmware =
Software
loader: Version 0.95.1
system: Version A3(2.0) [build 3.0(0)A3(2.0) adbuild_17:35:22-2008/10/01_/a
uto/adbu-rel4/rel_a3_2_0_dev_build/REL_3_0_0_A3_2_0]
system image file: (hd0,1)/c4710ace-mz.A3_2_0.bin
Device Manager version 1.1 (0) 20080805:0415
Regarding the groups - I have tested with this AV pair thing in either the group or user separately and it only works in user accounts - any chance of a way to get the group to work??
PS many thanks for a quick response!
03-16-2010 09:34 AM
Are there any AV pairs defined for the user with which you are testing? If so, none of the group level AV pairs will be in effect.
03-16-2010 09:42 AM
I have added them in twice while I was testing - i.e. 1st tried the group - this did not work, 2nd tried the user - this worked. I did remove the AV pairs from each area before I continued.
03-16-2010 09:43 AM
I understand, but besides the AV pairs for the ACE role, do you have any other AV pairs assigned to this user?
03-16-2010 09:45 AM
Oops, no, they are the only ones.
03-16-2010 09:55 AM
You will then want to set the log level detail on ACS to full, reproduce the problem, and look at the auth.log and RDS.log files.