I'm having an issue with TACACS+ AAA setup with a Nexus 7000 running 4.2(2a) and ACS 4.2. I've added the av-pair string of
shell:roles="network-operator vdc-admin" into the TACACS+ settings under the group custom attributes. When I log in, the login hangs
waiting for the custom attribute pair to respond back to the switch, which it doesn't seem to do, and it then dumps me into vdc-operator role and not the
Can anyone give me any additional pointers?
Thanks in advance,
Just for reference, we've fixed this. The base VDC always seemed to honour the PRIV 15 under the ACS group and gave you network-admin. The correct syntax for vdc-admin passthrough on the av-pair is:
That's all you need.
I saw your post and figured I would give you a shout. I have a client with a 7K installed. We are running ACS 4.2 and all network equipment is functioning with the exception of the 7K.
We keep getting:
TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
Do you have a sample of your config for your 7K? Did you have to do anything special in ACS for it to talk to the 7K? Been beating my head on this for a few weeks and the Cisco Config guides don't solve my issue. Followed them to a tee and it still does not work.
I am also getting this message repeatedly on my NX5000, although the authentication and authorization are working fine. Will appreciate any clues. Thanks.
%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond