05-16-2006 09:16 AM
I am having issues authenticating with network-admin privileges via TACACS on the MDS. I defined the custom AV attribute in the TACACS settings on ACS as follows:
cisco-av-pair=shell:roles="network-admin"
For some reason it doesn't seem like the AV pair is passing to the MDS and I always am given network-operator privileges.
Any ideas on what I could check?
05-16-2006 09:30 AM
Try this AV Pair instead:
cisco-av-pair*shell:roles="network-admin"
05-16-2006 11:53 AM
Still no luck. I do see the following entry in the messages:
Trap (DE)Register at /1.1.1.1 failed. Permission denied or feature disabled.
Could that have anything to do with the MDS not accepting the AV pair?
05-16-2006 04:27 PM
Yes, sounds like you need a little more involvement than this forum offers. So, if you do not have a key between the MDS and the TACACS server, go ahead and get a sniffer trace showing a login. Get a debug aaa all at the same time. Depending on who your support is with (an OSM or Cisco), go ahead and open a support case.