Cisco Support Community

Cisco CSS AAA with ACS server

Hello,

I have applied the below config to my CSS:-

virtual authentication primary tacacs
virtual authentication secondary local
tacacs-server key spire_tacacs
tacacs-server account config
tacacs-server x.x.x.x 49 primary
tacacs-server authorize config

Everything works with regards to authentication back to the ACS. Problem is when I create a new user and group with a specific command set, the CSS fails and in the log of the ACS under failed attempts it says that author failed with command denied (service=shell cmd=privilege).

The same command set works with a Cisco 4500/6500/7200 (you get the idea), but not the CSS. The only way it works is if you permit all commands which is not what I need.

Has anyone got any ideas on this?

Cheers

Steven

1 REPLY

Re: Cisco CSS AAA with ACS server

To add a user to a group, go to the User Setup section of the Cisco Secure ACS HTML interface:

• On the User Setup Select page, specify a username.

• On the User Setup Edit page, specify the following:

  - Password Authentication: select an applicable authentication type from the list.

  - Password: specify and confirm a password.
