I am configuring ACS 5.0 and have some problem which I do not understand.
I have 3 policy created to access Cisco routers and switches.
I am trying to have authentication run trhough the AD then local DB if user not found in AD or AD not available.
I build 3 rules/policies for testing.
One policy configured with AD only. This one is working.
One policy with Local users only. This one is working as well.
And I am trying to have 3rd policy which combines first two rules.
And this one does not work.
I have access to the configured privilege level with policy 1 and 2.
And that access goes through authentication only. The access level granted on authentication pass only ( I can see it in the log).
But for the 3rd rule/policy. I can see that authentication passed (for both AD users and local users). But then it does not go through authorization.
Could you please help me out?
I must be missing something.
How Conditions works if I have more than one condition (in my case AD authentication or Local).
Why I did not get through the aothorisation stage in first 2 rules and bumped into it in the third rule.
Thank you.