DCNM 6.2.1 authentication with ACS 5.3

rgchevezh
Level 1

Hello,

I registered DCNM 6.2.1 to ACS 5.3 with the TACACS+ protocol. Now I'm unable to get administrative rights on DCNM. The user that I'm using is located at ACS 5.3 with administrative privileges, but has no administrative rights when logging into DCNM.

Maybe I'm missing some special attribute on ACS...not sure...

Thanks folks,

1 Reply

jasoncgross
Level 1

Rafael,

I had the same issue.  You need to go into ACS and create a custom Shell Profile (Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles), flip to the "Custom Attributes" tab, and add the following:

Attribute: cisco-av-pair

Requirement: Mandatory

Attribute Value: Static

Value: shell:roles="network-admin"

...although if you want a non-admin or DCNM "User" role, you would use the following instead:

Value: shell:roles="network-operator"

Save that.  Then make sure your Device Admin Authorization Policy (Access Policies > Access Services > Default Device Admin > Authorization) references that Shell Profile in the "Results" section.

I'm using DCNM version 6.2(5) and this works.

Here's a useful link for more info: http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bf5512.shtml
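
To check which role a TACACS+ authorization reply actually grants, the following added example (not part of the original thread and not Cisco code) parses the reply's attribute-value pairs and applies the role mapping given in the reply above. The function names, the sample replies, and the on-wire form `cisco-av-pair=shell:roles="..."` are assumptions; `=` marks a mandatory attribute and `*` an optional one, per RFC 8907.

```python
import re

# Role mapping as described in the reply above (DCNM's own parsing is not shown on the page).
DCNM_ROLE = {"network-admin": "admin", "network-operator": "user"}

# Constructed sample authorization replies (not captured from a real ACS).
REPLY_WITH_PROFILE = ['priv-lvl=15', 'cisco-av-pair=shell:roles="network-admin"']
REPLY_DEFAULT = ['priv-lvl=15']  # privileged on ACS, but no role attribute sent
REPLY_OPERATOR = ['cisco-av-pair*shell:roles="network-operator"']


def split_arg(arg):
    """Split one TACACS+ argument into (name, mandatory, value), or None if malformed."""
    m = re.match(r"([^=*]+)([=*])(.*)$", arg, re.S)
    if not m:
        return None
    name, sep, value = m.groups()
    return name.strip().lower(), sep == "=", value


def shell_roles(args):
    """Return [(role, mandatory), ...] found in the reply arguments."""
    found = []
    for arg in args:
        parsed = split_arg(arg)
        if parsed is None:
            continue
        name, mandatory, value = parsed
        if name == "cisco-av-pair":
            # The value is itself a pair: shell:roles="..."
            inner = split_arg(value)
            if inner is None:
                continue
            name, _, value = inner  # keep the outer mandatory/optional flag
        if name != "shell:roles":
            continue
        # Several roles may be listed, space-separated, inside the quotes.
        for role in value.strip().strip('"').split():
            found.append((role, mandatory))
    return found


def dcnm_access(args):
    """Return 'admin', 'user', or None when the reply carries no recognised role."""
    roles = {role for role, _ in shell_roles(args)}
    for nxos_role in ("network-admin", "network-operator"):  # highest privilege first
        if nxos_role in roles:
            return DCNM_ROLE[nxos_role]
    return None
```

A `None` result for a user who should be an administrator points to an authorization rule that does not reference the custom Shell Profile.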