06-12-2012 07:07 AM
I'm trying to manages the NCS WebGUI users via ACS 5.3. When I try to login with my user "TESTUSER" I'll receivce the following message:
"No authorization information found for Remote Authenticated User. Please check the correctness of the associated task(s) and Virtual Domain(s) in the remote server"
At the NCS Server I've configured:
1.
Administration > AAA > TACACS+ Servers = Added Tacacs Server 1
Administration > AAA > TACACS+ Servers = Added Tacacs Server 2
2.
Administration > AAA > AAA Mode Settings = Tacacs+
Enable fallback to Local - on auth failure or no server response is checked
--- !! ACS and NCS are in the same subnet !! ---
At the ACS Server I've configure
1.
Users and Identity Stores > Internal Identity Stores > Users = TESTUSER + Password = abcd1234ABCD + Member of NCS-ADMIN
2.
Network Resources > Network Devices and AAA Clients = Added NCS with vaild Tacacs key
3.
Access Policies > Access Services = Name: AS LOGIN TACACS - Service Type: Device Administration - Included Policies: Identity & Authorization
4.
Access Policies > Access Services > Service Selection Rules = Name: EnabledSSR-Rule-1 && NDG:Device Type: -ANY- && NDG:Location: -ANY- && match Tacacs > AS LOGIN TACACS
5.
Access Policies > Access Services > AS LOGIN TACACS > Identity = Internal Users
6.
Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles: NCS-ADMIN-LOGIN > Custom attributes
role0=Root
virtual-domain0=ROOT-DOMAIN
task0=Users and Groups
task1=Audit Trails
task2=TACACS+ Servers
task3=RADIUS Servers
task4=Logging
task5=License Center
task6=Scheduled Tasks and Data Collection
task7=User Preferences
task8=System Settings
task9=Diagnostic Information
task10=View Alerts and Events
task11=Email Notification
task12=Delete and Clear Alerts
task13=Pick and Unpick Alerts
task14=Configure Controllers
task15=Configure Templates
task16=Configure Config Groups
task17=Configure Access Points
task18=Configure Access Point Templates
task19=Configure Choke Points
task20=Monitor Controllers
task21=Monitor Access Points
task22=Monitor Clients
task23=Monitor Tags
task24=Monitor Security
task25=Monitor Chokepoints
task26=Mesh Reports
task27=Client Reports
task28=Performance Reports
task29=Security Reports
task30=Location Server Management
task31=View Location Notifications
task32=Maps Read Only
task33=Maps Read Write
task34=Client Location
task35=Rogue Location
task36=Planning Mode
task37=Ack and Unack Alerts
task38=Migration Templates
task39=Configure Spectrum Experts
task40=Monitor Spectrum Experts
task41=Auto Provisioning
task42=Voice Audit Report
task43=Virtual Domain Management
task44=Scheduled Configuration Tasks
task45=Configure WiFi TDOA Receivers
task46=Configure ACS View Servers
task47=Monitor WiFi TDOA Receivers
task48=RRM Dashboard
task49=Config Audit Dashboard
task50=High Availability Configuration
task51=Health Monitor Details
task52=Configure WIPS Profiles
task53=Global SSID Groups
task54=Configure Lightweight Access Point Templates
task55=Configure Autonomous Access Point Templates
task56=Handover Server Management
task57=Monitor Handover Server
task58=Configure Ethernet Switch Ports
task59=Configure Ethernet Switches
task60=Device Reports
task61=Network Summary Reports
task62=Compliance Reports
task63=Report Launch Pad
task64=Run Reports List
task65=Saved Reports List
task66=Report Run History
task67=Database Query and Update
task68=Ack and Unack Security Index Issues
task69=View Security Index Issues
task70=Monitor Media Streams
task71=Monitor Interferers
task72=Voice Diagnostics
task73=CleanAir Reports
task74=ContextAware Reports
task75=Automated Feedback
task76=TAC Case Attachment Tool
7.
Access Policies > Access Services > AS LOGIN TACACS > Authorization =
rule-1 NDG:Device Type: -ANY- && NDG:Location: -ANY- && Identity Group: in All Groups:NCS-ADMIN && Shell Profile: NCS-ADMIN-LOGIN