ACS 5.1 and ACE authentication

Answered Question
Aug 26th, 2010

Any guidance on configuring the shell profile for RBAC on ACS5.1 for ACE or Nexus 1000v? I've configured 4.x before with ACE and it works fine, but I can't seem to get it to work right with 5.1.  On the Nexus it always logs me in as vdc-operator.  On ACS 4.x I had to create the custom shell attribute as below for ACE.

shell:Admin*Admin default-domain

Correct Answer
jrabinow Thu, 08/26/2010 - 12:24

Go to the shell profile definitions

- Select custom attributes tab

- In data entry field at the bottom enter:

Attribute:   shell:Admin

Value: Admin default-domain

Requirement: Optional

Press "Add" to add to list and then "Submit" to save

David Niemann Thu, 08/26/2010 - 13:35

That worked perfectly for the ACE. I knew it was close, but the context was just different enough from the 4.x that I was guessing wrong. What about for the Nexus roles? It keeps logging me in as vdc-operator. I've tried Attribute role: and Value of network-admin with optional also.

jrabinow Thu, 08/26/2010 - 14:13

Did you have Nexus roles working with ACS 4.2? Do you know what attribute and value needs to be returned?

David Niemann Thu, 08/26/2010 - 17:21

No, this is a new experience for me with the Nexus.  The only thing I found was from the Nexus 7k documentation that mentions the role of network-admin must be assigned.  I actually wish they would be more specific regarding special configurations for interoperability with ACS.

David Niemann Fri, 08/27/2010 - 06:24

I ended up opening a TAC case and got the proper attributes.

Attribute would be "shell:roles"

Requirement is Optional

Value is "network-admin"

or on ACS4.2 it would be shell:roles*"network-admin"

For any others that might use this info
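
How the ACS 4.x strings quoted in this thread map onto the three ACS 5.x fields, as an added example that is not part of any post above: in a TACACS+ attribute-value pair (RFC 8907) the `*` separator marks the pair optional and `=` marks it mandatory, and a client must fail authorization on a mandatory pair it does not understand. The function names and the per-device attribute sets are assumptions made for this sketch.

```python
import re

# In a TACACS+ AV pair the separator carries the requirement:
# '=' is mandatory, '*' is optional.
REQUIREMENT = {"=": "Mandatory", "*": "Optional"}


def split_av_pair(av_pair):
    """Split an ACS 4.x-style string into Attribute / Requirement / Value."""
    match = re.match(r"([^=*]+)([=*])(.*)$", av_pair.strip())
    if match is None:
        raise ValueError("no attribute name and '=' or '*' separator in %r" % av_pair)
    name, sep, value = match.groups()
    # The value is kept verbatim, including any double quotes.
    return {"attribute": name.strip(),
            "requirement": REQUIREMENT[sep],
            "value": value.strip()}


def client_accepts(profile, understood):
    """Apply the client-side rule: a mandatory pair the device does not
    understand fails authorization; an optional one is ignored."""
    applied = {}
    for pair in profile:
        if pair["attribute"] in understood:
            applied[pair["attribute"]] = pair["value"]
        elif pair["requirement"] == "Mandatory":
            return False, {}
    return True, applied


# Strings quoted in the thread, combined here into one shared shell profile.
THREAD_PAIRS = ['shell:Admin*Admin default-domain', 'shell:roles*"network-admin"']
# Assumption for this sketch: each platform understands only its own attribute.
ACE = {"shell:Admin"}
NEXUS = {"shell:roles"}

if __name__ == "__main__":
    profile = [split_av_pair(p) for p in THREAD_PAIRS]
    for pair in profile:
        print(pair)
    print("ACE:  ", client_accepts(profile, ACE))
    print("Nexus:", client_accepts(profile, NEXUS))
```

With both pairs optional, one shell profile can serve both platforms; switching either separator to `=` makes the other platform reject the authorization response under this model.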
