
How to Add Authorization Attribute in ACS 4.2

kevin.hu
Level 3

Dear ACS experts,

I am trying to use ACS 4.2 to authenticate and authorize TACACS+ traffic coming from a Riverbed Steelhead WAN Optimizer appliance.  One of the configuration tasks is to add the following authorization attribute to the ACS 4.2.

service = rbt-exec {
local-user-name = "monitor"
}

After looking at all the configuration options on ACS, I am at a loss.  I have no idea where to put this attribute.  Please point me in the right direction.

Thank you much!

2 Accepted Solutions


rodmunch999
Level 1

Hi Kevin - I can point you in the right direction -

  1. Go to Interface Configuration > TACACS+(Cisco)
  2. Under New Services tick the Radio button and type in "rtb-exec" under Service and "Unknown" under Protocol
  3. Press Submit
  4. Go to your ACS Group and under TACACS+ settings there should be a new Service
  5. Fill in service as follows:

This should get you some of the way - This article suggests there is a problem where this will only give you full access but I haven't tested it:

http://community.riverbed.com/t5/Steelhead-Appliance/TACACS-Authentication-Monitor-Access/m-p/7417


Jatin Katyal
Cisco Employee

Further to rodmunch's post, I would like to add/correct. The attribute "rbt-exec" value should go like this:



Hope this helps.


Rgds, Jatin



Do rate helpful posts~

~Jatin


4 Replies

Thank you both.

It is weird that Interface>TACACS+ (Cisco IOS) has no submit button whereas all other options, such as RADIUS, have a submit button.  It must be a bug.

Is it possible to apply this attribute on a per-user basis?  I don't see such an option under per-user configuration.

Go to interface configuration >> Advanced option >> check the option "Per-user TACACS+/RADIUS Attributes"

Now go back to TACACS+ (Cisco IOS) >> you would see two boxes in front of service >> check the first one for user >> submit


Regds, Jatin

Do rate helpful posts~

~Jatin
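
The following Python example is added here and is not taken from the thread or from Cisco or Riverbed. It parses a TACACS+ authorization REPLY body (RFC 8907 layout) and confirms that the reply maps the session to `monitor` and nothing else, which is the check to make given the full-access concern mentioned above. It assumes the body has already been de-obfuscated with the shared key and that ACS returns the attribute as the pair `local-user-name=monitor`; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Authorization REPLY status codes defined in RFC 8907.
AUTHOR_STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL", 0x11: "ERROR", 0x21: "FOLLOW"}


def build_author_reply(status, args, server_msg=b"", data=b""):
    """Encode an unobfuscated REPLY body (hypothetical helper, used to build sample input)."""
    enc = [a.encode("ascii") for a in args]
    head = struct.pack("!BBHH", status, len(enc), len(server_msg), len(data))
    return head + bytes(len(a) for a in enc) + server_msg + data + b"".join(enc)


def parse_author_reply(body):
    """Decode a REPLY body into (status name, [(attr, value, mandatory), ...])."""
    if len(body) < 6:
        raise ValueError("body shorter than the fixed 6-byte header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    if len(arg_lens) != arg_cnt or 6 + arg_cnt + msg_len + data_len + sum(arg_lens) != len(body):
        raise ValueError("length fields do not match body size")
    pos = 6 + arg_cnt + msg_len + data_len  # arguments follow server_msg and data
    pairs = []
    for n in arg_lens:
        raw = body[pos:pos + n].decode("ascii")
        pos += n
        # The first '=' (mandatory) or '*' (optional) separates attribute from value.
        cut = min((i for i in (raw.find("="), raw.find("*")) if i >= 0), default=-1)
        if cut < 1:
            raise ValueError(f"malformed attribute-value pair: {raw!r}")
        pairs.append((raw[:cut], raw[cut + 1:], raw[cut] == "="))
    return AUTHOR_STATUS.get(status, hex(status)), pairs


def granted_local_user(body, expected="monitor"):
    """Return the mapped account only if the reply grants exactly `expected`."""
    status, pairs = parse_author_reply(body)
    if status not in ("PASS_ADD", "PASS_REPL"):
        raise PermissionError(f"authorization not granted: {status}")
    users = [v for a, v, _ in pairs if a == "local-user-name"]
    if users != [expected]:
        raise PermissionError(f"expected local-user-name={expected}, got {users}")
    return users[0]


# Constructed sample: the reply a group configured as in this thread is assumed to return.
SAMPLE = build_author_reply(0x01, ["local-user-name=monitor"])
```
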