ACE and TACACS+ auth

David Niemann
Level 3

I'm having to use the free TACACS+ in an environment to configure authentication for all the network devices.  I have all the routers and switches working just fine, but am having an issue getting the ACE to use TACACS.  I've configured ACE to authenticate to an ACS server by adding the additional shell custom attributes (shell:Admin*Admin default-domain) and this worked fine.  I found some documentation on TACACS+ that described how to add this similar attribute to the tac_plus.conf file, but it doesn't seem to want to work. My aaa config from the ACE as well as the tac_plus.conf file content are below.  I know the AAA is working with this TACACS server as the accounting functions properly.

ACE AAA

tacacs-server host 10.1.0.202 key 7 <removed>
aaa group server tacacs+ TAC_AUTH
  server 10.1.0.202
!
aaa authentication login default group TAC_AUTH local
aaa authentication login console group TAC_AUTH local
aaa accounting default group TAC_AUTH local

tac_plus.conf

#----------------------------------------------------------------------#
# Accounting Logs
#----------------------------------------------------------------------#
accounting file = /data/tacacs.log

#----------------------------------------------------------------------#
# Server Key
#----------------------------------------------------------------------#
key = <removed>

#----------------------------------------------------------------------#
# ACL
#----------------------------------------------------------------------#
acl = auth_routers {
                      permit = .*
}

#----------------------------------------------------------------------#
# Groups
#----------------------------------------------------------------------#
group = admin {

    login = file /etc/passwd
    acl = auth_routers

    service = exec {
                     optional shell:Admin = "Admin default-domain"
                   }

}

#----------------------------------------------------------------------#
# Users
#----------------------------------------------------------------------#

user = admin1 {
     default service = permit
     member = admin
}

user = admin2 {
     default service = permit
     member = admin
}
user = admin3 {
     default service = permit
     member = admin
}
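As an added illustration (not part of the original post): the TACACS+ wire format distinguishes mandatory `attr=value` arguments from optional `attr*value` arguments (RFC 8907, section 6.1), which is why the ACS custom attribute is written `shell:Admin*Admin default-domain` while tac_plus.conf expresses the same thing with the `optional` keyword in front of `attr = "value"`. The helper names below are assumed; the code translates a tac_plus.conf attribute line into the wire-format pair and parses wire-format pairs back, so the line in the config above can be compared with the attribute string the ACE was already accepting from ACS.

```python
import re
from dataclasses import dataclass

# RFC 8907 sec. 6.1: the first '=' or '*' separates attribute from value;
# '=' marks a mandatory argument, '*' an optional one.
_WIRE_SEP = re.compile(r"[=*]")

# tac_plus.conf service-stanza line:  [optional] attr = "value"
# Assumption (per the tac_plus man page): `optional` is sent as '*'.
_CONF_LINE = re.compile(r'^\s*(optional\s+)?(\S+)\s*=\s*"?([^"]*)"?\s*$')


@dataclass(frozen=True)
class AVPair:
    attr: str
    value: str
    mandatory: bool

    def to_wire(self) -> str:
        """Render the pair exactly as it would appear in an authorization reply."""
        return f"{self.attr}{'=' if self.mandatory else '*'}{self.value}"


def parse_av_pair(wire: str) -> AVPair:
    """Split one wire-format argument into attribute, value and mandatory flag."""
    m = _WIRE_SEP.search(wire)
    if m is None or m.start() == 0:
        raise ValueError(f"malformed AV pair: {wire!r}")
    return AVPair(attr=wire[: m.start()], value=wire[m.end():],
                  mandatory=m.group() == "=")


def conf_line_to_av_pair(line: str) -> AVPair:
    """Translate a tac_plus.conf attribute line into the AV pair it produces."""
    m = _CONF_LINE.match(line)
    if m is None:
        raise ValueError(f"not a tac_plus attribute line: {line!r}")
    return AVPair(attr=m.group(2), value=m.group(3), mandatory=m.group(1) is None)


def conf_line_matches(line: str, expected_wire: str) -> bool:
    """True when the config line yields the same attribute, value and
    mandatory/optional flag as the wire-format string the client expects."""
    return conf_line_to_av_pair(line) == parse_av_pair(expected_wire)


if __name__ == "__main__":
    # Constructed sample: the line from the config above vs. the ACS attribute.
    line = 'optional shell:Admin = "Admin default-domain"'
    print(conf_line_to_av_pair(line).to_wire())
    print(conf_line_matches(line, "shell:Admin*Admin default-domain"))
```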

1 Reply

David Niemann
Level 3

Anyone?
