Issue with ACS on AD user Authorization on Cisco Nexus Devices

Hi,

I'm working on ACS 5.8 which is integrated with MS Active Directory.

ACS internal users can authenticate and get the authorization I have configured for them.

But I have some issues on AD users.

- All AD users can authenticate, and I would like to be able to restrict authentication to only the AD groups I have selected.

- I have configured an authorization rule for the AD users who belong to the selected AD group, but when they log on to a Cisco Nexus device they always get the operator role. I need to apply admin role to some of them and priv-0 role.

Thanks for helping!

1 REPLY 1
kthiruve
Cisco Employee

Hi,

 

You have done the right thing by verifying the user's AD group in the authorization policy.

The shell profile in the policy provides access to certain roles. Please make sure you have configured this correctly. Make sure the default policy is deny access.

 

https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115925-nexus-integration-acs-00.html

 

Thanks

Krishnan

 
