DCNM 6.2.1 authentication with ACS 5.3

Hello,

I registered DCNM 6.2.1 to ACS 5.3 with the TACACS+ protocol. Now I'm unable to get administrative rights on DCNM. The user that I'm using is located at ACS 5.3 with administrative privileges, but has no administrative rights when logging into DCNM.

Maybe I'm missing some special attribute on ACS... not sure...

Thanks folks,

1 REPLY

Rafael,

I had the same issue.  You need to go into ACS and create a custom Shell Profile (Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles), flip to the "Custom Attributes" tab, and add the following:

Attribute: cisco-av-pair

Requirement: Mandatory

Attribute Value: Static

Value: shell:roles="network-admin"

...although if you want a non-admin or DCNM "User" role, you would use the following instead:

Value: shell:roles="network-operator"

Save that.  Then make sure your Device Admin Authorization Policy (Access Policies > Access Services > Default Device Admin > Authorization) references that Shell Profile in the "Results" section.

I'm using DCNM version 6.2(5) and this works.

Here's a useful link for more info: http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bf5512.shtml
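
The check below is an added example, not part of the reply above and not Cisco code: it inspects the attribute-value pairs of a TACACS+ authorization reply for the `cisco-av-pair` role attribute described in the reply and flags a missing, optional, or malformed one. It assumes the pairs are available as strings in TACACS+ form (`=` mandatory, `*` optional, per RFC 8907) and that several roles may be space-separated inside the quotes; the function name, the `admin`/`user` labels and the sample replies are constructed for illustration.

```python
import re

# Role names come from the reply above; the right-hand labels are this example's own.
ROLE_TO_DCNM = {"network-admin": "admin", "network-operator": "user"}
AV_RE = re.compile(r'^([^=*]+)([=*])(.*)$')   # '=' mandatory, '*' optional (RFC 8907)
ROLES_RE = re.compile(r'^shell:roles="([^"]+)"$')

def check_shell_profile(av_pairs):
    """Return (dcnm_role or None, list of problems) for one authorization reply."""
    problems, roles = [], []
    for pair in av_pairs:
        m = AV_RE.match(pair)
        if not m:
            problems.append(f"not an AV pair: {pair!r}")
            continue
        name, sep, value = m.groups()
        # Only the custom attribute that carries the role is of interest here.
        if name != "cisco-av-pair" or not value.startswith("shell:roles"):
            continue
        r = ROLES_RE.match(value)
        if not r:
            problems.append(f"malformed shell:roles value: {value!r}")
            continue
        if sep == "*":
            problems.append("shell:roles sent as optional, expected Mandatory")
        roles.extend(r.group(1).split())
    unknown = [x for x in roles if x not in ROLE_TO_DCNM]
    if unknown:
        problems.append(f"unexpected roles: {unknown}")
    if not roles:
        problems.append("no shell:roles attribute in the reply")
    # Report the most privileged role so over-assignment is visible.
    if "network-admin" in roles:
        return "admin", problems
    if "network-operator" in roles:
        return "user", problems
    return None, problems

# Constructed sample replies (not captured from a real ACS).
SAMPLES = {
    "no custom attribute": ["priv-lvl=15"],
    "admin profile": ['cisco-av-pair=shell:roles="network-admin"'],
    "operator, optional": ['cisco-av-pair*shell:roles="network-operator"'],
}

if __name__ == "__main__":
    for label, pairs in SAMPLES.items():
        print(label, "->", check_shell_profile(pairs))
```

Running it over the pairs returned for each ACS user group shows which accounts resolve to the admin role, which helps keep `network-admin` limited to the profiles that need it.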
