Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.1 authentication issue from cross domain user

Hi All,

         we have cross domain trust relationship established and I have added the user group in our ACS 5.1. we are using Active directory as an external Identity store. Also I have created a rule in the 'Access polices' to allow the user group. From the cross domain, I use abc@xxx.xyz as a user id, but I get this error message

13036 Selected Shell Profile is DenyAccess

Your quick help will be appreciated.

Rgds

HK

3 REPLIES
Cisco Employee

ACS 5.1 authentication issue from cross domain user

It would be worth seeing at which point this is failing

Go to Monitoring & Reports > Reports > Catalog > AAA Protocol and select "TACACS_Authentication" and then select the "Details" icon. This should give the detailed steps performed during the processing of the flow

New Member

ACS 5.1 authentication issue from cross domain user

Hi Jrabinow,

                   Thanks for your reply and information. I have sorted out the issue, which was in path defined in (Access polices) rules section. After correction, the cross domain user has got access and permitted.

Thx

Hid

New Member

ACS 5.1 authentication issue from cross domain user

My friend's problem was access policy in Shell profiles, more hugs by the way has already solved.

3839
Views
0
Helpful
3
Replies
CreatePlease login to create content