Hi
Although I configured the AAA stuff on the Nexus5k and the ACS with the shell exec and role information, I still end up with the default role "network-operator" on the Nexus.
I attached the main configuration for this feature.
Does anybody have an idea where the problem could be found?
Apparently the output of "debug aaa all" is not very useful - in this case NX-OS is not like IOS.
ACS 4.2 Configuration:
User Config:
shell exec (enabled)
shell:roles*"network-admin" (actually I also tried shell:roles="network-admin")
After Login - the output of the command "show user-account" says:
user:ude3964
roles:network-operator
account created through REMOTE authentication
AAA Configuration:
rzsgwu3s097# sh run aaa
version 4.1(3)N2(1a)
aaa authentication login default group tacacs local
aaa authentication login console group tacacs local
aaa authorization config-commands default group tacacs
aaa authorization commands default group tacacs
aaa authentication login error-enable
tacacs-server directed-request
rzsgwu3s097# sh run tacacs+
version 4.1(3)N2(1a)
feature tacacs+
tacacs-server timeout 3
tacacs-server host 172.28.193.35 key 7 "xx"
aaa group server tacacs+ tacacs
    server 172.28.193.35
    source-interface Vlan501
In the ACS passed Authentication Report everything looks fine.
Any hints?
Cheers
Patrick