vADC Forum

Reply
N/A
Posts: 1
Registered: ‎11-29-2012

TACACS+ authentication with Cisco ACS

Has anyone successfully configured the stingray to authenticate against Cisco ACS and can provide more insight behind whats required with groupsvc and groupfield? The errors I am getting when I leave the defaults on there is this:

 

Created TACACSPlus connection to

Authentication SUCCEEDED

 No tacacsplus!fallbackgroup defined

 No groups returned by authenticator

Brocadian
Posts: 227
Registered: ‎11-29-2012

Re: TACACS+ authentication with Cisco ACS

Jack,

  Welcom to the Riverbed Communities Site!  The fields you are asking about are documented in the STM 8.1 User Guide () on page 232.  I have extracted the relevant section below:

 

TACACS+ Authenticators

TACACS+ authenticators have the following configurable settings:

tacacsplus!server The IP or hostname of the TACACS+ server.
tacacsplus!port The port to connect to the TACACS+ server on.
tacacsplus!timeout The timeout period (in seconds) for a connection to the TACACS+ server.
tacacsplus!secret The secret key shared with the TACACS+ server.
tacacsplus!authtype The authentication type to use. This can be PAP or ACSII.
tacacsplus!groupsvc The TACACS+ "service" that provides each user's group field.
tacacsplus!groupfield The TACACS+ "service" field that provides each user's group.
tacacsplus!fallbackgroup If tacacsplus!groupsvc is not defined, or no group value is provided for the user by the TACACS+ server, the group specified here will be used. If this is not specified, users with no TACACS+ defined group will be denied access.

These setting are used for group membership extraction from ACS and mapping them to STM administration roles. If no groups are returned, there is a fallback group override in the tacacsplus!failbackgroup setting (ie: by default, give admin access to STM, or by default read-only access etc...)

 

Does this answer your question?

N/A
Posts: 1
Registered: ‎11-29-2012

Re: TACACS+ authentication with Cisco ACS

I am getting the same error message. Can you please share if you were able to fugure out what goes into groupsvc and groupfield?

N/A
Posts: 1
Registered: ‎11-30-2012

Re: TACACS+ authentication with Cisco ACS

I believe it depends on the type of ser ver your ACS is authenticating against. In my case I'm authenticating through ACS back to Active Directory.  For the groupsvc field I entered the AD group I want to allow to connect and left groupfield the default of permission-group

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.