Permission denied for the role - user from tacacs - NX5K
05-02-2018 08:49 AM - edited 03-08-2019 02:52 PM
Hello guys,
I am changing the TACACS server, but when I tried to modify (server-tacacs key) I received the message - % Permission denied for the role. Has anyone seen this already?
Thanks!
05-02-2018 08:46 PM
Just based on your post, I would say your new TACACS server probably authenticated you but pushed a role that doesn't exist on the Nexus, or didn't push any role.
Can you give more details about your session, please? Have you been authenticated against the new TACACS? Which role did you receive?
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
05-04-2018 05:16 AM
Hi,
I will get the information about the roles. I do not understand the roles config very well; I am a newbie at that.
Thanks for your support.
05-05-2018 04:41 PM
You have to push a role to a user to say what rights he has; that is, whether he is able only to view some configs and/or outputs, or whether he is able to modify the config.
Thanks
Francesco
05-18-2018 07:21 AM
Francesco,
We are not connected to the TACACS and nobody here has the admin password, and then I will recover the admin access. I've never done this before and I will use this procedure:
I have one doubt: of course I don't want to lose the config on startup. Would you have some tips for that?
Thanks
05-18-2018 06:21 PM
Thanks
Francesco
11-08-2018 11:48 AM
Hi
I am facing a similar issue. When I do a "show user-account" I can see my role as "network-operator". I am using TACACS and ISE; I checked under User Identity Groups and I am part of Network Admin, but I can't find whether it has the permission of network-admin. Can anyone guide me on where I can change or check this value in ISE?
user:username
roles:network-operator
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user account
Local login not possible
Will appreciate your help.
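An added example, not part of the original post: a small Python check that parses `show user-account` output in the layout quoted above and lists remote (AAA-created) accounts that hold only the read-only `network-operator` role, the situation discussed in this thread. The sample text, its `admin` entry and the function names are constructed for illustration, and splitting several roles on spaces or commas is an assumption.

```python
import re

# Built-in NX-OS role that can view but not change configuration.
READ_ONLY_ROLES = {"network-operator"}

# Constructed sample in the layout quoted above; the "admin" entry is invented.
SAMPLE = """\
user:admin
        this user account has no expiry date
        roles:network-admin
user:username
        roles:network-operator
        account created through REMOTE authentication
        Credentials such as ssh server key will be cached temporarily only for this user account
        Local login not possible
"""


def parse_user_accounts(text):
    """Split `show user-account` output into one record per `user:` line."""
    accounts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("user:"):
            current = {"user": line[len("user:"):].strip(), "roles": [], "remote": False}
            accounts.append(current)
        elif current is None:
            continue  # banner or prompt text before the first account
        elif line.startswith("roles:"):
            # Assumption: several roles are separated by spaces or commas.
            value = line[len("roles:"):]
            current["roles"] = [r for r in re.split(r"[,\s]+", value) if r]
        elif "REMOTE authentication" in line:
            current["remote"] = True
    return accounts


def read_only_remote_accounts(accounts):
    """Remote (AAA-created) accounts holding no role beyond the read-only ones."""
    return [a["user"] for a in accounts
            if a["remote"] and set(a["roles"]) <= READ_ONLY_ROLES]


if __name__ == "__main__":
    for name in read_only_remote_accounts(parse_user_accounts(SAMPLE)):
        print(f"{name}: remote login mapped to a read-only role; check the role the AAA server returns")
```

An account flagged here authenticated successfully but did not receive a role that allows configuration changes, so the next place to look is the role attribute the TACACS server returns for that user.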
11-10-2018 08:43 AM
If you have ISE, did you ensure that you're pushing the role network-admin? If so, what is the result in the ISE logs? Do you see that it has been applied correctly?
Here is a doc that may help with ISE and NX-OS:
https://community.cisco.com/t5/security-documents/how-to-ise-tacacs-configuration-for-cisco-nx-os-network-devices/ta-p/3631609?attachment-id=149531
Thanks
Francesco
