Solved: TACACS Live Logs bug? Maybe?

baker82 · ‎07-12-2019

Has anyone experienced an issue where the tacacs live logs are not displaying in the correct the authorization profile?

I configured a tacacs device to point to ISE.

I ssh'ed to the device using an enabled internal username and password.

The live logs show authentication as passed and shows the successful authentication profile but beside it in the selected authorization profile, it's blank. If I open the details of the auth, and scroll down to "selected authorization profile" it names the selected shell profile. Not the authorization line name. Also I'm able to auth to the device successfully.

Just FYI, this is a new installation of ISE. I used the migration tool to migrate everything from ACS 5.6 to ISE 2.4 patch 6. Everything seems to be working great besides this little issue.

All my radius policys work perfect.

Ideas?

hslai · ‎07-15-2019

T+ authentication and authorization are two separate events. We should see something like below:

If that is not similar to yours, you might need to engage Cisco TAC to troubleshoot.

In ISE 2.3+, we do also see Selected Authorization Profile in the details report for the authentication event. That is to compensate some login security issue with NX-OS.

View solution in original post

hslai · ‎07-15-2019

T+ authentication and authorization are two separate events. We should see something like below:

If that is not similar to yours, you might need to engage Cisco TAC to troubleshoot.

In ISE 2.3+, we do also see Selected Authorization Profile in the details report for the authentication event. That is to compensate some login security issue with NX-OS.

baker82 · ‎07-16-2019

Thank you. Ill engage TAC for the issue.