New Member

ACS4.2, NX-OS and Cisco AV-Pair

Hi

Although I configured the AAA stuff on the Nexus5k and the ACS with the Shell exec and role information, I still end up with the default role "network-operator" in the Nexus.

I attached the main configuration for this feature.

Does anybody have an idea where the problem could be found?

Apparently the output of the debug aaa all is not very useful - in this case NX-OS is not like IOS.

ACS 4.2 Configuration:

User Config:

shell exec (enabled)

shell:roles*"network-admin"  (actually I also tried the shell:roles="network-admin")

After Login - the output of the command "show user-account" says:

user:ude3964
        roles:network-operator
account created through REMOTE authentication

AAA Configuration:

rzsgwu3s097# sh run aaa
version 4.1(3)N2(1a)
aaa authentication login default group tacacs local
aaa authentication login console group tacacs local
aaa authorization config-commands default group tacacs
aaa authorization commands default group tacacs
aaa authentication login error-enable
tacacs-server directed-request

rzsgwu3s097# sh run tacacs+
version 4.1(3)N2(1a)
feature tacacs+

tacacs-server timeout 3

tacacs-server host 172.28.193.35 key 7 "xx"
aaa group server tacacs+ tacacs
    server 172.28.193.35
    source-interface Vlan501

In the ACS passed Authentication Report everything looks fine.

Any hints?

Cheers

Patrick

1 REPLY
Cisco Employee

Re: ACS4.2, NX-OS and Cisco AV-Pair

On ACS set the log level detail to full, reproduce the problem, collect a package.cab, then look at the auth.log and TCS.log files, see if any hints appear there.

Also, consider capturing the traffic between the NX-OS switch and ACS, to see what ACS is receiving from the switch and what it is sending back.

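To act on the capture suggestion in the reply, the following added example (not part of the original thread, and not Cisco code) decodes one TACACS+ authorization reply as laid out in RFC 8907, using the shared key configured on both sides, and lists the AV pairs the server returned so you can check whether a `shell:roles` pair actually reaches the switch. The function names, the key and the sample packet are constructed for illustration; the input is assumed to be the raw TCP payload of a single TACACS+ packet exported from the capture.

```python
import hashlib
import struct

STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL", 0x11: "ERROR", 0x21: "FOLLOW"}

def pad_xor(header, body, key):
    """Apply the TACACS+ MD5 pad; the same call obfuscates and de-obfuscates."""
    version, seq_no, session_id = header[0:1], header[2:3], header[4:8]
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(session_id + key + version + seq_no + block).digest()
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def parse_author_reply(packet, key):
    """Return (status, [AV pairs]) from one raw TACACS+ authorization REPLY."""
    _ver, ptype, _seq, flags, _sid, length = struct.unpack("!BBBBII", packet[:12])
    if ptype != 0x02:
        raise ValueError("not an authorization packet")
    body = packet[12:12 + length]
    if not flags & 0x01:  # TAC_PLUS_UNENCRYPTED_FLAG clear: body is obfuscated
        body = pad_xor(packet[:12], body, key)
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len  # skip server_msg and data
    if pos + sum(arg_lens) != len(body):
        raise ValueError("length mismatch: wrong shared key or truncated packet")
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("ascii", "replace"))
        pos += n
    return STATUS.get(status, hex(status)), args

def role_pairs(args):
    """AV pairs that carry the role attribute discussed in this thread."""
    return [a for a in args if a.startswith("shell:roles")]

def build_sample_reply(key, args):
    """Constructed test packet (not a real capture): PASS_ADD carrying args."""
    raw = [a.encode() for a in args]
    body = struct.pack("!BBHH", 0x01, len(raw), 0, 0) + bytes(map(len, raw)) + b"".join(raw)
    header = struct.pack("!BBBBII", 0xC0, 0x02, 2, 0, 0x1234ABCD, len(body))
    return header + pad_xor(header, body, key)

if __name__ == "__main__":
    KEY = b"example-key"  # placeholder shared secret, not from the thread
    pkt = build_sample_reply(KEY, ["priv-lvl=15", 'shell:roles*"network-admin"'])
    status, args = parse_author_reply(pkt, KEY)
    print(status, role_pairs(args))
```

An empty result from `role_pairs` on a passing reply means the role pair never left the server, which points the investigation at the ACS user or group settings rather than at the switch.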