Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Prime NCS: TACACS+ Integration into ACS 5.1

Hello,

i'd like to integrate TACACS+ Integration into NCS.

I configured my ACS 5.1 correctly, but I get an "Access is denied to NCS" at the web login page. In the ACS i see a successful authentication.

Any ideas?

regards

Alex

Here is my Shell Profile Configuration

14 REPLIES
Hall of Fame Super Silver

Prime NCS: TACACS+ Integration into ACS 5.1

How do you have your servie-type configured on ACS.  It should be set to login.

-Scott
*** Please rate helpful posts ***
New Member

Prime NCS: TACACS+ Integration into ACS 5.1

Hi Scott,

thanks for your help,

it is set to Device Administration.

I can only choose Network Access, Device Administration and Radius Proxy

Hall of Fame Super Silver

Prime NCS: TACACS+ Integration into ACS 5.1

There is another setting somewhere in ACS to define the service type as login.  I will try to find it... might take some thime though, since I have to find a box to look at.

-Scott
*** Please rate helpful posts ***
New Member

Prime NCS: TACACS+ Integration into ACS 5.1

I finally could log in, but not the default Ambassador view.

Thats really strange. Here is the authorization result from my ACS server.

{Type=Authorization; Author-Reply-Status=PassAdd; AVPair=role0=Lobby Ambassador; AVPair=task0=GLOBAL; AVPair=task1=Lobby Ambassador User Preferences; AVPair=task2=Basic; AVPair=task3=Configure Guest Users; AVPair=task4=Check License; AVPair=virtual-domain0=ROOT-DOMAIN; }

Hall of Fame Super Silver

Prime NCS: TACACS+ Integration into ACS 5.1

Is the username (lobby admin) also part of another group by chance?

-Scott
*** Please rate helpful posts ***
New Member

Prime NCS: TACACS+ Integration into ACS 5.1

no, i started with an ACS user lobbyadmin, the last test i did where done with an active directory user called dersa. i mapped this user to an ACS User Group called NCS Lobby Ambassador.

I created also a shell profile for root, when i change the shell profile from NCS Lobby Ambassador to NCS Root Admin the user cannot log on anymore.

Hall of Fame Super Silver

Re: Prime NCS: TACACS+ Integration into ACS 5.1

I’m going to have to see how I have it setup in my lab.

-Scott
*** Please rate helpful posts ***
Cisco Employee

Prime NCS: TACACS+ Integration into ACS 5.1

Hi Alex,

What browser are you using ? If it's Internet Explorer, please install the "chrome frame" plugin & then try the login

Ram

New Member

Prime NCS: TACACS+ Integration into ACS 5.1

Hi,

i updated NCS to the latest release. It's working now. The problem was in the task list provided with the previous version. in the version the Task Lists were fixed.

thanks a lot for your support.

alex

New Member

Prime NCS: TACACS+ Integration into ACS 5.1

I'm having the exact problem you had. I copied the TACACS tast list and setup the access policy, but the thing isn't functioning correctly. The task list I have is the following:

role0=Lobby Ambassador

task0=Lobby Ambassador User Preferences

task1=Configure Guest Users

task2=License Check

I've also added the virtual domain to the list:

virtual-domain0=ROOT-DOMAIN

I'm current on the code rev. Is this your task list?

New Member

Prime NCS: TACACS+ Integration into ACS 5.1

Doh! Answered my own question. Looks like the virtual domain needs to be first.

New Member

Prime NCS: TACACS+ Integration into ACS 5.1

How do you integrate NCS to TACACS and use AD to define the "role". Do not want to have to create user in NCS in AAA, just use AD to authenticate the users that are already in a Group in AD.

Thanks much

New Member

Prime NCS: TACACS+ Integration into ACS 5.1

You map a group to the role. I hope that makes sense.

New Member

Re: Prime NCS: TACACS+ Integration into ACS 5.1

Yes that's correct. You map the AD users to roles.

Sent from Cisco Technical Support iPad App

3917
Views
10
Helpful
14
Replies