Cisco Support Community

ACE Module Radius with ACS 4.2

Hi,

I am able to authenticate to my ACE modules via RADIUS, but when I log in it does not give me Admin rights. Does anyone have a fix for this? My ACS admin has been working with TAC since last week to no avail.

John...

1 REPLY

Re: ACE Module Radius with ACS 4.2

You have to use a custom AV pair on the TACACS server under user setup to make it work. ACE uses RBAC (Role-Based Access Control), and for that you have to pass the context and user role from the TACACS server to ACE to make it work. If no RBAC info is pushed from the TACACS server and the user just gets authenticated, then the default role assigned by ACE is Network-Monitor.

The following steps (on the TACACS server) will make it work:

1. Select your user

2. Go to TACACS+ settings

3. Select the "shell (exec)" checkbox

4. Select the "custom attributes" checkbox

5. Type your context and role information in the custom attributes box, using the following format

shell:*

For example (if the context name is Admin, the domain is default-domain, and you want to assign the role "Admin" to this user):

shell:Admin*Admin default-domain

Hope it helps

Syed
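An added example, not part of the reply above and not Cisco code: a Python check that reads the custom attribute strings configured per user and reports which role each user would end up with in a given context, falling back to Network-Monitor as the reply describes. The pattern is inferred from the reply's one example (`shell:Admin*Admin default-domain`); the function names, the exact-match rule on the context name, and the sample users are assumptions constructed for illustration.

```python
import re

# Role the reply says ACE assigns when no RBAC info is pushed.
DEFAULT_ROLE = "Network-Monitor"

# Shape inferred from the reply's example "shell:Admin*Admin default-domain":
#   shell:<context>*<role> <domain>
# Assumption: at least one domain follows the role, separated by spaces.
AV_RE = re.compile(
    r"^shell:(?P<context>[^\s*]+)\*(?P<role>\S+)(?P<domains>(?:\s+\S+)+)$"
)

def parse_shell_attr(value):
    """Return (context, role, [domains]), or None if the string does not match."""
    m = AV_RE.match(value.strip())
    if m is None:
        return None
    return m.group("context"), m.group("role"), m.group("domains").split()

def effective_role(attrs, context):
    """Role a user would get in `context` from their configured attributes."""
    for attr in attrs:
        parsed = parse_shell_attr(attr)
        # Assumption: the context name must match exactly.
        if parsed is not None and parsed[0] == context:
            return parsed[1]
    return DEFAULT_ROLE

def audit(users, context):
    """Return {user: (role, [attributes that do not match the expected shape])}."""
    report = {}
    for name, attrs in users.items():
        malformed = [a for a in attrs if parse_shell_attr(a) is None]
        report[name] = (effective_role(attrs, context), malformed)
    return report

# Constructed sample data: one correct entry, one missing the '*', one empty.
SAMPLE_USERS = {
    "john": ["shell:Admin*Admin default-domain"],
    "ops": ["shell:Admin Admin default-domain"],
    "guest": [],
}

if __name__ == "__main__":
    for user, (role, bad) in audit(SAMPLE_USERS, "Admin").items():
        print(f"{user}: role={role} malformed={bad}")
```

A user who authenticates but shows up as Network-Monitor in this report has either no attribute for that context or one that does not match the expected shape, which is the symptom described in the question.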
