I seem to be having issues trying to use the same Policy on an internal group and a group within AD.
Under the Default Device Admin:
- Identity - Set up a TACACS rule for a group within AD (rule 1) and duplicated the rule for an internal group (rule 2).
- Authorization - Set up a rule that allows the internal group and the AD group to have Shell access privilege 15.
We have a group that uses AD and one that doesn't; they both need TACACS to the same devices.
When I try to use TACACS, I can log in with the AD account, but it won't accept my enable password. If I use the internal username, it doesn't work at all. If I make the internal Rule 1 and the AD Rule 2, then I can log in with the internal (still won't accept my enable password), but not the AD account.
If I delete the rules for the AD group, the internal group works just fine and I don't have to enter an enable password. And vice versa with having the AD group but not the internal. I've made sure that the accounts I'm using do not exist anywhere else.
What am I missing? It seems like it would be rather simple, but not sure what I might be overlooking.
ACS 4.x would allow us to do this.
Thanks for your help and sorry if this comes across as confusing.
Brock