Cisco Support Community
Community Member

ACE and TACACS+ auth

I'm having to use the free TACACS+ in an environment to configure authentication for all the network devices. I have all the routers and switches working just fine, but am having issues getting the ACE to use TACACS. I've configured ACE to authenticate to an ACS server by adding the additional shell custom attributes (shell:Admin*Admin default-domain) and this worked fine. I found some documentation on TACACS+ that described how to add a similar attribute to the tac_plus.conf file, but it doesn't seem to want to work. My AAA config from the ACE as well as the tac_plus.conf file content are below. I know the AAA is working with this TACACS server as the accounting functions properly.

ACE AAA

tacacs-server host 10.1.0.202 key 7 <removed>
aaa group server tacacs+ TAC_AUTH
  server 10.1.0.202
!
aaa authentication login default group TAC_AUTH local
aaa authentication login console group TAC_AUTH local
aaa accounting default group TAC_AUTH local

tac_plus.conf

#----------------------------------------------------------------------#
# Accounting Logs
#----------------------------------------------------------------------#
accounting file = /data/tacacs.log

#----------------------------------------------------------------------#
# Server Key
#----------------------------------------------------------------------#
key = <removed>

#----------------------------------------------------------------------#
# ACL
#----------------------------------------------------------------------#
acl = auth_routers {
    permit = .*
}

#----------------------------------------------------------------------#
# Groups
#----------------------------------------------------------------------#
group = admin {
    login = file /etc/passwd
    acl = auth_routers

    service = exec {
        optional shell:Admin = "Admin default-domain"
    }
}

#----------------------------------------------------------------------#
# Users
#----------------------------------------------------------------------#

user = admin1 {
     default service = permit
     member = admin
}

user = admin2 {
     default service = permit
     member = admin
}
user = admin3 {
     default service = permit
     member = admin
}

1 REPLY
Community Member

Re: ACE and TACACS+ auth

Anyone?
