Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2937
Views
0
Helpful
1
Replies

ISE TACACS AD integration and enable password

illusion_rox
Level 1
Level 1

‎08-29-2017 01:53 AM - edited ‎02-21-2020 10:33 AM

Hi Guys, 

 

I am bit new to ISE and unfortunately without training. Can someone advise on a high level that when we want to do tacacs+ device administration for cisco routers/switches, and want to do both login + enable authentication/authorization from ISE, how do we do it in the case when customer wants to authenticate users from Active directory?

 

First case would be, that for both login and enable, password would be same. (or please tell me if it could be different)

 

Second case would be that customer wants password for both login and enable to be different. What to do in this case?

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Hilda Arteaga
Cisco Employee
Cisco Employee

‎08-31-2017 12:20 PM

Hi illusion_rox

On this document you can find how to configure TACACS+ Authentication and Command Authorization based on Microsoft Active Directory (AD) group membership of a user with Identity Service Engine (ISE) 2.0 and later.

 

Hope it's helpful!

 

0 Helpful
Customers Also Viewed These Support Documents