Cisco CSS AAA with ACS server

sadcock123
Level 1

Hello,

I have applied the below config to my CSS:-

virtual authentication primary tacacs

virtual authentication secondary local

tacacs-server key spire_tacacs

tacacs-server account config

tacacs-server x.x.x.x 49 primary

tacacs-server authorize config

Everything works with regards to authentication back to the ACS. Problem is when I create a new user and group with a specific command set, the CSS fails and in the log of the ACS under failed attempts it says that author failed with command denied (service=shell cmd=privilege).

The same command set works with a Cisco 4500/6500/7200 (you get the idea), but not the CSS. The only way it works is if you permit all commands which is not what I need.

Has anyone got any ideas on this?

Cheers

Steven


smalkeric
Level 6

To add a user to a group, go to the User Setup section of the Cisco Secure ACS HTML interface:

• On the User Setup Select page, specify a username.

• On the User Setup Edit page, specify the following:

- Password Authentication - Select an applicable authentication type from the list.

- Password - Specify and confirm a password.
