Adding a user role for SAN switches

edward.gillston
Level 1

I am trying to find the correct location in ACS 3.3 to add the following: roles="network-admin". We have our SAN switches using TACACS+. When a user other than admin logs in, you get the role as "network-operator". This doc, Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x, explains the role if you are using IOS/PIX RADIUS. Thank you.

Accepted Solutions

Jagdeep Gambhir
Level 10

Hi Ed,

Here is the link,

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/san-os/configuration/guide/cradtac.html

If you search for:

TACACS+ custom attributes can be defined on an Access Control Server (ACS) for various services (for example, shell). Cisco MDS 9000 Family switches require the TACACS+ custom attribute for the service shell to be used for defining roles.

Cisco ACS TACACS+

shell:roles="network-admin"

shell:roles*"network-admin"

cisco-av-pair*shell:roles="network-admin"

cisco-av-pair*shell:roles*"network-admin"

cisco-av-pair=shell:roles*"network-admin"

On the ACS, if you go to: Interface configuration, TACACS+ (Cisco IOS), place a check next to: "Display a window for each service selected in which you can enter customized TACACS+ attributes".

Then go into Group Setup and define the role information according to the above attributes.

Hope that helps

Regards,

~JG
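
A small audit of the attribute forms listed in the answer above, as an added example that is not part of the original post or of Cisco's documentation: it parses each spelling, reports which groups hand out network-admin, and flags role attributes that match none of the listed forms. The group names and attribute lines are constructed sample data, and treating the quoted value as a space-separated list of roles is an assumption.

```python
import re

# Attribute spellings listed in the post: optional "cisco-av-pair" prefix,
# the "shell:" service, then "roles" joined to a quoted value by "=" or "*".
AV_RE = re.compile(
    r'^(?:cisco-av-pair[=*])?shell:roles(?P<sep>[=*])"(?P<roles>[^"]*)"$'
)
PRIVILEGED = {"network-admin"}  # roles that warrant a least-privilege review

def parse_roles(line):
    """Return (optional, [roles]) for a shell:roles line, or None if no match."""
    m = AV_RE.match(line.strip())
    if not m:
        return None
    # TACACS+ AV pairs: "=" marks a mandatory attribute, "*" an optional one.
    # Assumption: several roles are space-separated inside the quotes.
    return m.group("sep") == "*", m.group("roles").split()

def audit(groups):
    """Map group name -> review notes for groups that need a second look."""
    findings = {}
    for name, lines in groups.items():
        notes = []
        for line in lines:
            parsed = parse_roles(line)
            if parsed is None:
                # A near-miss spelling matches none of the forms in the post.
                if "role" in line:
                    notes.append(f"unrecognized role attribute: {line!r}")
                continue
            optional, roles = parsed
            kind = "optional" if optional else "mandatory"
            notes += [f"grants {r} ({kind} attribute)"
                      for r in roles if r in PRIVILEGED]
        if notes:
            findings[name] = notes
    return findings

# Constructed sample data: group names and lines are invented for this example.
SAMPLE_GROUPS = {
    "san-admins": ['shell:roles="network-admin"'],
    "san-operators": ['shell:roles*"network-operator"'],
    "helpdesk": ['cisco-av-pair*shell:roles="network-admin"'],
    "legacy": ['shell:role="network-admin"'],  # misspelled: "role"
}

if __name__ == "__main__":
    for group, notes in audit(SAMPLE_GROUPS).items():
        print(group, notes)
```
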

That was the solution. Thank you

Ed,

Nice to know that. Please mark it resolved so others can benefit from it.
