Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Lobby Ambassador Profiles in ACS 5.3

We've set our WCS up to do AAA through our ACS 5.3 which works great. So in order to log into the WCS for Administration or as a Lobby Ambassador (to create guest users etc) the AAA is all done by the ACS, GREAT!

I have assigned a set of users the Lobby Ambassador role as passed that back through TACACS to the WCS, so those users have their role setup as Lobby Ambassador and are limited from doing anything else, as expected.

What I want to know is: With normal local AAA on the WCS, when you created a Lobby Ambassador account, you could give the account a set of defaults for any guests accounts created by that Lobby Ambassador account, which was good, so Lobby Ambassadors couldn't set up unlimited time accounts and stuff like that.

What I want to know now is that since I'm now doing all the AAA on the ACS, is there an attribute I can pass to the WCS in the Shell Profile, along with the roles etc telling the WCS what the guest user creation defaults for the Lobby Ambassador account is, so that we can continue to limit the defaults of any guest account that the Lobby Ambassador accounts create, as it used to be? We'd really like different lobby ambassadors to be able to do different things as well. i.e., Lobby Ambassador X can only create accounts for one region. Lobby Ambassador Y can create Unlimited time accounts where the others can not. We used to do this by assigning different guest user creation defaults to different lobby ambassador accounts on the WCS.

Help appreciated        

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions

Lobby Ambassador Profiles in ACS 5.3

Hi,

at the moment the only solution for your requirement is to create local NCS/WCS accounts with exactly the same username as existing in your ACS, no matter what password. Authentication will happen via TACACS+ while the defaults will be taken from the local user account. Please be aware that this mechanism is case sensitive.

Regards

Stefan

1 REPLY

Lobby Ambassador Profiles in ACS 5.3

Hi,

at the moment the only solution for your requirement is to create local NCS/WCS accounts with exactly the same username as existing in your ACS, no matter what password. Authentication will happen via TACACS+ while the defaults will be taken from the local user account. Please be aware that this mechanism is case sensitive.

Regards

Stefan

962
Views
5
Helpful
1
Replies
CreatePlease to create content