Greetings,

I know that CW Common Services 3.3 does not work with pre-defined roles on ACS AAA, so I followed these forums, enabled non-ACS AAA and selected TACACS+. I have a single rule that is matching in my ACS (after looking at the audit trail):

Authentication Details
    Status: Passed
    Failure Reason:
    Logged At: Jan 10, 2012 11:56 PM
    ACS Time: Jan 10, 2012 11:56 PM
    ACS Instance: Hou-ACS
    Authentication Method: PAP_ASCII
    Authentication Type: ASCII
    Privilege Level: 1

User
    Username: xxxxx.xxxxx
    Remote Address: 10.250.xxx.xxx

Network Device
    Network Device: fw1.outside.hq.hou.tx.us
    Network Device IP Address: 10.250.xxx.xxx
    Network Device Groups: Device Type:All Device Types, Location:All Locations

Access Policy
    Access Service: ad.security.sgITnetworkM
    Identity Store: AD1
    Selected Shell Profile: Priv15
    Active Directory Domain: corp.org
    Identity Group: All Groups
    Access Service Selection Matched Rule : networkEngineer
    Identity Policy Matched Rule: Default
    Selected Identity Stores: AD1
    Query Identity Stores:
    Selected Query Identity Stores:
    Group Mapping Policy Matched Rule: Default
    Authorization Policy Matched Rule: Rule-1
    Authorization Exception Policy Matched Rule:

As you may have noticed, even though it is matching an access service that allows Priv15, that doesn't seem to be passing through; as you can see at the top, I am only receiving Priv 1. What can I do to properly pass through the access service profile?