05-28-2010 12:17 PM - edited 03-10-2019 05:10 PM
I have users that require multiple custom attributes under the TACACS configuration. Below are the two that are required; one is for Cisco UCS and the other is for MDS. My question is: what is the format to get both of them to work for the same user? Individually they work fine, but when both are configured for the same user, the UCS "admin" privilege seems to work, but I'm only able to get "read" for the MDS. I've had this working before, and can't figure out what the trick was the first time around. Thanks.
cisco-av-pair*shell:roles*"admin"
shell:roles="network-admin vsan-admin"
05-29-2010 08:01 AM
You can also configure optional custom attributes to avoid conflicts with non-MDS Cisco switches using the same AAA servers.
cisco-av-pair*shell:roles*"network-admin vsan-admin"
Configuring TACACS+ on Cisco MDS 9000:
http://www.cisco.com/en/US/partner/products/ps5989/products_configuration_guide_chapter09186a008049b8ed.html#wp1244464
If you have this Cisco-av-pair:
cisco-av-pair*shell:roles*"admin" --> Then it means it's optional, this would be the preferred method.
You can get a list of roles on UCS:
http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/gui/CLI_Config_Guide_chapter9.html#concept_E41FB2D2F363406EAC1011CC59B5D4BB
HTH
JK
Do rate helpful posts-
08-24-2010 06:44 AM
Hi there,
We are looking at setting up UCS on TACACS.
The one question I can't find answered in the documentation is what happens when the TACACS server fails?
One would assume that it would fall back to Local but I can't seem to find this information.
Regards - TN.