I am trying to find the correct location in ACS 3.3 to add the following: roles="network-admin". We have our SAN switches using Tacacs+. When a user other than admin logins, you get the role as "network-operator". This doc Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x explains the role if you are using IOS/PIX Radius. Thank you.
Here is the link,
If you search for:
TACACS+ custom attributes can be defined on an Access Control Server (ACS) for various
services (for example, shell). Cisco MDS 9000 Family switches require the TACACS+ custom
attribute for the service shell to be used for defining roles.
Cisco ACS TACACS+
On the ACS, if you go to: Interface configuration, TACACS+ (Cisco IOS), place a check nex to: " Display a window for each service selected in which you can enter customized TACACS+ attributes".
Then go into Group Setup and define the role information according to the above attributes.
Hope that helps