05-16-2006 09:16 AM
I am having issues authenticating with network-admin privileges via TACACS on the MDS. I defined the custom AV attribute in the TACACS settings on ACS as follows:
cisco-av-pair=shell:roles="network-admin"
For some reason it doesn't seem like the AV pair is passing to the MDS and I always am given network-operator privileges.
Any ideas on what I could check?
05-16-2006 09:30 AM
Try this AV Pair instead:
cisco-av-pair*shell:roles="network-admin"
05-16-2006 11:53 AM
Still no luck. I do see the following entry in the messages:
Trap (DE)Register at /1.1.1.1 failed. Permission denied or feature disabled.
Could that have anything to do with the MDS not accepting the AV pair?
05-16-2006 04:27 PM
Yes, sounds like you need a little more involvement than this forum offers. So, if you do not have a key between the MDS and the TACACS server, go ahead and get a sniffer trace showing a login. Get a debug aaa all at the same time. Depending on who your support is with (an OSM or Cisco), go ahead and open a support case.