ACS + Device Authorization Failure

Unanswered Question
Jul 1st, 2008
User Badges:

Good Afternoon:

I hoping someone can help me out... I have an ACS configured with a group that is setup for admins. This group is mapped to an AD group. This is setup correctly. On each network device are the commands:


aaa authorization exec default group tacacs+ if-authenticated


I can create a local user and place them into the aformentioned group and the TACACs authentication and authorization work fine. However, I cannot use that same local group mapped to a AD group and a user in that group. It passes authentication but I get an authorization failure in my logs (ACS) and a authorization failed message on the device.


Any ideas?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hadbou Mon, 07/07/2008 - 09:42
User Badges:
  • Bronze, 100 points or more

ACS has extensive logging capabilities that allow an administrator to troubleshoot any issue pertaining to the ACS server itself (for example, replication) or an AAA request problem (for example, an authentication problem) from NAS.


Refer the following url for more info on troubleshooting ACS:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_Trble.html

Actions

This Discussion