11-20-2002 04:27 PM - edited 03-09-2019 01:08 AM
I am trying to get management authentication working using TACACS from a 350AP running FW 12.0T. The requests hit the ACS server but I get the message author failed (service denied service=aironet protocol=shell). It seems that I have something wrong with the user or group level TACACS attributes but I am new to ACS. Help Please...
11-20-2002 04:53 PM
In ACS under Group Setup, select the check box under TACACS for shell. Also, set priv-lvl=15. If these options aren't available, check under Interface Configuration>>Tacacs.
HTH
Jeff
11-20-2002 05:05 PM
I have verified that these are set at the user and group level and still get the same message. What about Shell Command Authorization set?
11-21-2002 04:35 PM
Only RADIUS can be used for administrator authentication. TACACS is there for future enhancements.
For admin user authentication against ACS RADIUS, you need to have the following:
1) 12.0T image on the AP350, as only that image supports that.
2) Configure the RADIUS server IP address on the "authentication server" page and check "user authentication".
3) Configure the user in ACS and also include the attribute in the cisco av-pair list for that user as
aironet:admin-capability=write+ident+admin+firmware
Once you have that, authentication and authorization will work fine.
11-26-2002 12:23 AM
Does this require a certain release of ACS?
My ACS server is at version "3.0(2) Build 5" (no service patch), and image 12.0T for the wireless APs.
The wireless aironet users can authenticate via the ACS radius no problem, but for admin management access to the access points, I can't find the "Radius (Aironet)" attributes in the Interface Configuration section, only the "Radius (IETF)" shows up when I define the APs with "Radius (Cisco Aironet)" in "Authenticate Using".
Any idea?? Thanks.
Fanny