Core issue
In this issue, logs on the Cisco Secure ACS show that authentication has passed, but Optical Networking Subtechnology (ONS) shows that authentication login failed with the Exception = Invalid Login error message.
Resolution
Complete these steps in order to resolve this issue:
- Make sure an attribute-value (AV) is properly configured. An AV pair represents a variable and one of the possible values that the variable can hold. Within ONS, users are mapped to different security groups based on Cisco AV Pair. This is an example:
"shell:priv-lvl=X" where X can be value of 0 to 3:
0 represents RTRV.
1 represents PROV.
2 represents MAINT.
3 represents SUPER.
- In the ACS Radius IETF attributes, make sure that Service type = Login.
- Try to login again.
Refer to RADIUS Authentication Problems in ONS 15454 Version 6.0 for more information and other known problems with authentication.