Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACE with TACACS+ Issue

Trying to get ACE module and IOS devices to work with TACACS+. I have ACS v3.2.

The "optional" syntax does not work. Any idea if the argument is valid for the ACS version ?

service=exec

optional shell:Admin=Admin domain

Tried it with quotations but that didn't work either.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ACE with TACACS+ Issue

Hi,

Here is a reference doc for configuring ACE for Tacacs+ authentication,

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.0

0_A1/configuration/security/guide/aaa.html#wp1321891

Under custom attribute for Tacacs+ we need to specify attribute as,

shell:Admin*ADMIN MYDOMAIN1

= means mandatory attribute

* means optional

Information on context/role/domain (Virtualization on ACE):

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.0

0_A1/configuration/virtualization/guide/ovrview.html

Default "role" on ACE:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.0

0_A1/configuration/virtualization/guide/ovrview.html#wp1051297

HTH

JK

Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
2 REPLIES
Cisco Employee

Re: ACE with TACACS+ Issue

Hi,

Here is a reference doc for configuring ACE for Tacacs+ authentication,

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.0

0_A1/configuration/security/guide/aaa.html#wp1321891

Under custom attribute for Tacacs+ we need to specify attribute as,

shell:Admin*ADMIN MYDOMAIN1

= means mandatory attribute

* means optional

Information on context/role/domain (Virtualization on ACE):

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.0

0_A1/configuration/virtualization/guide/ovrview.html

Default "role" on ACE:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.0

0_A1/configuration/virtualization/guide/ovrview.html#wp1051297

HTH

JK

Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: ACE with TACACS+ Issue

Cool thanks...that works now. The other yntax must not be compatible with my version.

243
Views
0
Helpful
2
Replies
CreatePlease to create content