I'm hoping someone can help me out... I have an ACS configured with a group that is set up for admins. This group is mapped to an AD group. This is set up correctly. On each network device are the commands:
aaa authorization exec default group tacacs+ if-authenticated
I can create a local user and place them into the aforementioned group and the TACACS authentication and authorization work fine. However, I cannot use that same local group mapped to an AD group and a user in that group. It passes authentication but I get an authorization failure in my logs (ACS) and an authorization failed message on the device.