Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Configuring NCS and ACS 5.0 with AD and tacacs+

Hi All

I am trying to get the ACS 5.3 to work with NCS but cannot make it work correctly.

I have looked at this link -

http://www.cisco.com/en/US/products/ps6305/products_tech_note09186a0080b904a4.shtml

But this does not show how the ACS referencing AD groups would work when determining

which   custom attributes to use.

On the ACS 5.3 i have set up the following -

The ad is working and in        Users and identity stores/External identity stores/Active Directory then my AD test works fine.

I have set up the  Users and Identity stores/Identity Groups with appropriate ip s.

I have configured the Network Device Groups/Network Devices and AAA Clients with the ip address and Authenication optionsA

In Policy Elements/Authorisation and Permissions/device administration/shell profiles

I have creeated a shell  profile called network shell pro

which das a common tasks of def priv = 0 and max priv = 15

Custom attributes of the following -

role0     Mandatory         Admin

task7    Mandatory         Administration Menu Access

task69   Mandatory        Home menu access

virtual-domain1   Mandatory  CRUK

task80    Mandatory      License Check

virtual-domain0    Mandatory   ROOT-DOMAIN

IN Access Policies/Access services/Default Device Admin

i have identity and Authorisation ticked -

identity = AD1

Authorisation =

name      AD1:External groups          Compound Condition   NDG:Device Type                          NDG:Location time/date identity group shell profile

Rule-1      ANY                                AD Group                   In all device types:Cisco Prime     Any                   any        any               network shell pro

Now i can get into the NCS but i do not see any of the administration buttons on NCS - so

this means the custom attributes are not working.

Any ideas on why this is not working - i shouldnt need a user for this on the ACS as its using AD !!!

Thanks in Advance

Steve

Everyone's tags (7)
1 REPLY
Hall of Fame Super Silver

Re: Configuring NCS and ACS 5.0 with AD and tacacs+

Steve,

For root access via tacacs, there are 100+ attributes you need to enter for the shell profile. You can get that list from the WCS/NCS. Seems like tacacs is working, you just need to define more roles.

http://www.cisco.com/en/US/docs/wireless/ncs/1.0/configuration/guide/admin.html#wp1469168

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
591
Views
0
Helpful
1
Replies
CreatePlease to create content