MDS9500 - TACACS

May 16th, 2006

I am having issues authenticating with network-admin privileges via TACACS on the MDS. I defined the custom AV attribute in the TACACS settings on ACS as follows:


cisco-av-pair=shell:roles="network-admin"


For some reason it doesn't seem like the AV pair is passing to the MDS and I always am given network-operator privileges.


Any ideas on what I could check?

tblancha (Cisco Employee) Tue, 05/16/2006 - 09:30

Try this AV Pair instead:


cisco-av-pair*shell:roles="network-admin"



robertsmichael Tue, 05/16/2006 - 11:53

Still no luck. I do see the following entry in the messages:


Trap (DE)Register at /1.1.1.1 failed. Permission denied or feature disabled.


Could that have anything to do with the MDS not accepting the AV pair?

tblancha (Cisco Employee) Tue, 05/16/2006 - 16:27

Yes, sounds like you need a little more involvement than this forum offers. So, if you do not have a key between the MDS and the TACACS server, go ahead and get a sniffer trace showing a login. Get a debug aaa all at the same time. Depending on who your support is with (an OSM or Cisco), go ahead and open a support case.
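
Added example (not part of the thread and not Cisco code): a decoder for a cleartext TACACS+ authorization REPLY, as it would appear in the sniffer trace suggested above, showing whether a shell:roles AV pair was sent and whether it used the mandatory `=` or optional `*` separator. The packet layout follows RFC 8907; the function names are hypothetical, the sample packets are constructed rather than captured, and it assumes the AV pair appears on the wire as typed in the posts.

```python
import struct

# TACACS+ constants (RFC 8907)
TYPE_AUTHOR, FLAG_UNENCRYPTED = 0x02, 0x01
STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL", 0x11: "ERROR", 0x21: "FOLLOW"}

def parse_author_reply(packet: bytes) -> dict:
    """Decode a cleartext TACACS+ authorization REPLY (12-byte header + body)."""
    if len(packet) < 12:
        raise ValueError("short header")
    _ver, ptype, seq_no, flags, _sid, length = struct.unpack("!BBBBII", packet[:12])
    if ptype != TYPE_AUTHOR or seq_no % 2:        # server replies carry even seq_no
        raise ValueError("not an authorization reply")
    if not flags & FLAG_UNENCRYPTED:
        raise ValueError("body is obfuscated with the shared key")
    body = packet[12:]
    if len(body) != length or length < 6:
        raise ValueError("length mismatch")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len        # args follow server_msg and data
    if len(arg_lens) != arg_cnt or pos + sum(arg_lens) != length:
        raise ValueError("argument lengths do not match body length")
    pairs = []
    for n in arg_lens:
        arg = body[pos:pos + n].decode("ascii", "replace")
        pos += n
        # The first '=' (mandatory) or '*' (optional) splits name from value.
        cut = min((i for i in (arg.find("="), arg.find("*")) if i >= 0), default=len(arg))
        pairs.append((arg[:cut], arg[cut:cut + 1], arg[cut + 1:]))
    return {"status": STATUS.get(status, hex(status)), "pairs": pairs}

def shell_roles(reply: dict) -> list:
    """Roles carried in cisco-av-pair ... shell:roles="...", or [] if absent."""
    for name, _sep, value in reply["pairs"]:
        if name == "cisco-av-pair" and value.startswith("shell:roles"):
            return value[len("shell:roles") + 1:].strip('"').split()
    return []

def build_sample(args, flags=FLAG_UNENCRYPTED) -> bytes:
    """Constructed test packet (not a capture): PASS_ADD reply carrying `args`."""
    raw = [a.encode("ascii") for a in args]
    body = struct.pack("!BBHH", 0x01, len(raw), 0, 0) + bytes(map(len, raw)) + b"".join(raw)
    return struct.pack("!BBBBII", 0xC0, TYPE_AUTHOR, 2, flags, 0x1234, len(body)) + body

if __name__ == "__main__":
    for av in ('cisco-av-pair=shell:roles="network-admin"', "priv-lvl=15"):
        reply = parse_author_reply(build_sample([av]))
        print(reply["status"], reply["pairs"], shell_roles(reply) or "no roles sent")
```

If the reply in a real trace decodes with no cisco-av-pair argument, the server is not sending the attribute; if the decoder reports an obfuscated body, a shared key is in use and the trace alone will not show the AV pairs.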
