I am trying to get the ACS 5.3 to work with NCS but cannot make it work correctly.
I have looked at this link -
But this does not show how the ACS referencing AD groups would work when determining
which custom attributes to use.
On the ACS 5.3 i have set up the following -
The ad is working and in Users and identity stores/External identity stores/Active Directory then my AD test works fine.
I have set up the Users and Identity stores/Identity Groups with appropriate ip s.
I have configured the Network Device Groups/Network Devices and AAA Clients with the ip address and Authenication optionsA
In Policy Elements/Authorisation and Permissions/device administration/shell profiles
I have creeated a shell profile called network shell pro
which das a common tasks of def priv = 0 and max priv = 15
Custom attributes of the following -
role0 Mandatory Admin
task7 Mandatory Administration Menu Access
task69 Mandatory Home menu access
virtual-domain1 Mandatory CRUK
task80 Mandatory License Check
virtual-domain0 Mandatory ROOT-DOMAIN
IN Access Policies/Access services/Default Device Admin
i have identity and Authorisation ticked -
identity = AD1
name AD1:External groups Compound Condition NDG:Device Type NDG:Location time/date identity group shell profile
Rule-1 ANY AD Group In all device types:Cisco Prime Any any any network shell pro
Now i can get into the NCS but i do not see any of the administration buttons on NCS - so
this means the custom attributes are not working.
Any ideas on why this is not working - i shouldnt need a user for this on the ACS as its using AD !!!
Thanks in Advance