08-23-2007 07:38 AM - edited 03-10-2019 03:21 PM
I am trying to find the correct location in ACS 3.3 to add the following: roles="network-admin". We have our SAN switches using Tacacs+. When a user other than admin logins, you get the role as "network-operator". This doc Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x explains the role if you are using IOS/PIX Radius. Thank you.
Solved! Go to Solution.
08-23-2007 07:57 AM
Hi Ed,
Here is the link,
If you search for:
TACACS+ custom attributes can be defined on an Access Control Server (ACS) for various
services (for example, shell). Cisco MDS 9000 Family switches require the TACACS+ custom
attribute for the service shell to be used for defining roles.
Cisco ACS TACACS+
shell:roles="network-admin"
shell:roles*"network-admin"
cisco-av-pair*shell:roles="network-admin"
cisco-av-pair*shell:roles*"network-admin"
cisco-av-pair=shell:roles*"network-admin"
On the ACS, if you go to: Interface configuration, TACACS+ (Cisco IOS), place a check nex to: " Display a window for each service selected in which you can enter customized TACACS+ attributes".
Then go into Group Setup and define the role information according to the above attributes.
Hope that helps
Regards,
~JG
08-23-2007 07:57 AM
Hi Ed,
Here is the link,
If you search for:
TACACS+ custom attributes can be defined on an Access Control Server (ACS) for various
services (for example, shell). Cisco MDS 9000 Family switches require the TACACS+ custom
attribute for the service shell to be used for defining roles.
Cisco ACS TACACS+
shell:roles="network-admin"
shell:roles*"network-admin"
cisco-av-pair*shell:roles="network-admin"
cisco-av-pair*shell:roles*"network-admin"
cisco-av-pair=shell:roles*"network-admin"
On the ACS, if you go to: Interface configuration, TACACS+ (Cisco IOS), place a check nex to: " Display a window for each service selected in which you can enter customized TACACS+ attributes".
Then go into Group Setup and define the role information according to the above attributes.
Hope that helps
Regards,
~JG
08-23-2007 08:59 AM
That was the solution. Thank you
08-23-2007 09:01 AM
Ed,
Nice to know that. Please mark it resolved so other can benifit from it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: