04-18-2012 06:04 PM
Has anyone successfully configured the stingray to authenticate against Cisco ACS and can provide more insight behind whats required with groupsvc and groupfield? The errors I am getting when I leave the defaults on there is this:
Created TACACSPlus connection to
No tacacsplus!fallbackgroup defined
No groups returned by authenticator
04-25-2012 04:21 PM
Welcom to the Riverbed Communities Site! The fields you are asking about are documented in the STM 8.1 User Guide () on page 232. I have extracted the relevant section below:
TACACS+ authenticators have the following configurable settings:
tacacsplus!server The IP or hostname of the TACACS+ server.
tacacsplus!port The port to connect to the TACACS+ server on.
tacacsplus!timeout The timeout period (in seconds) for a connection to the TACACS+ server.
tacacsplus!secret The secret key shared with the TACACS+ server.
tacacsplus!authtype The authentication type to use. This can be PAP or ACSII.
tacacsplus!groupsvc The TACACS+ "service" that provides each user's group field.
tacacsplus!groupfield The TACACS+ "service" field that provides each user's group.
tacacsplus!fallbackgroup If tacacsplus!groupsvc is not defined, or no group value is provided for the user by the TACACS+ server, the group specified here will be used. If this is not specified, users with no TACACS+ defined group will be denied access.
These setting are used for group membership extraction from ACS and mapping them to STM administration roles. If no groups are returned, there is a fallback group override in the tacacsplus!failbackgroup setting (ie: by default, give admin access to STM, or by default read-only access etc...)
Does this answer your question?
10-25-2012 01:34 PM
I believe it depends on the type of ser ver your ACS is authenticating against. In my case I'm authenticating through ACS back to Active Directory. For the groupsvc field I entered the AD group I want to allow to connect and left groupfield the default of permission-group