Do you know which group you need to map the user to? If you are not trying to map the users to a specific group and you are looking for authentication then you can set the attribute "tacacsplus!fallbackgroup" on the riverbed locally.

for reference from riverbed forum - http://community.riverbed.com/t5/Answers/TACACS-authentication-with-Cisco-ACS/td-p/21223

Thanks,

Tarik Admani
*Please rate helpful posts*

I am getting the below error message, do you know why the ACS is not sending any groups

Created TACACSPlus connection to X.X.X.X:49
Authentication SUCCEEDED
No tacacsplus!fallbackgroup defined
No groups returned by authenticator
FAILED

Siddhartha

Hi,

Did you define the group in the shell profile, and then map the shell profile over to a tacacs authorization policy? If not, then that is your problem. If you are looking to grant all uses to the same riverbed group as long as the pass authentication, then my previous message shows what you need to configure on the riverbed locally.

Here is how you create a shell profile in ACS - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/pol_elem.html#wpxref45667

Thanks,

Tarik Admani
*Please rate helpful posts*

Thanks for your time Tarik, I am using ACS server 4.1 and already configured the below shell profile but that didn't do any good.

Below are the settings I am using in Riverbed

Siddhartha