Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS + Device Authorization Failure

Good Afternoon:

I hoping someone can help me out... I have an ACS configured with a group that is setup for admins. This group is mapped to an AD group. This is setup correctly. On each network device are the commands:

aaa authorization exec default group tacacs+ if-authenticated

I can create a local user and place them into the aformentioned group and the TACACs authentication and authorization work fine. However, I cannot use that same local group mapped to a AD group and a user in that group. It passes authentication but I get an authorization failure in my logs (ACS) and a authorization failed message on the device.

Any ideas?

Thanks!

1 REPLY
Bronze

Re: ACS + Device Authorization Failure

ACS has extensive logging capabilities that allow an administrator to troubleshoot any issue pertaining to the ACS server itself (for example, replication) or an AAA request problem (for example, an authentication problem) from NAS.

Refer the following url for more info on troubleshooting ACS:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_Trble.html

206
Views
0
Helpful
1
Replies