[tac_plus] Different AV pairs for the same service

Daniel Schmidt daniel.schmidt at wyo.gov
Mon May 15 20:11:08 UTC 2017


Have you considered using the after authentication "do_auth.py"?

On Mon, May 15, 2017 at 11:38 AM, Munroe Sollog <mus3 at lehigh.edu> wrote:

> I am using tacacs to aaa nexus equipment and now a firepower chassis
> manager.  My 'admins' group is configured like so:
>
> group = admins {
>         default service = permit
>         service = exec {
>              priv-lvl = 15
> #           optional shell:roles = "admin network-admin"
>              optional shell:roles = "network-admin"
>              optional shell:roles = "admin"
>              }
>         service = AMP {
>             role = "tacacs"
>         }
>         service = gigamon {
>         }
>
> }
>
> The problem is the nexus equipment uses the network-admin role while the
> firepower chassis manager uses the admin role.  While I can probably create
> one role on the other box, I was wondering if there was an easier way to
> resolve this issue.  As you see I have tried a space separated list as well
> as individual statements.
>
> For further reference here is the documentation on the firepower tacacs
> config:
>
> http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos201/web-config/b_GUI_ConfigGuide_FXOS_201/user_management.html#concept_2770BFB3259042F5A4420595A0A6946C
>
>
>
>
> --
> Munroe Sollog
> Senior Network Engineer
> munroe at lehigh.edu

-- 

E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
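
The per-device role selection discussed in this thread, as an added example that is not part of either message and is not do_auth.py itself: a small Python filter that swaps the `shell:roles` pairs for the single role the target device understands and denies when the device is unknown. The networks, the role format written back, the invocation (device address as first argument, AV pairs on stdin) and the exit-status meanings are assumptions.

```python
import ipaddress
import sys

# Constructed inventory (assumption): management networks per platform.
ROLE_BY_NETWORK = {
    ipaddress.ip_network("192.0.2.0/25"): "network-admin",  # Nexus
    ipaddress.ip_network("192.0.2.128/25"): "admin",        # Firepower chassis manager
}
ROLE_ATTR = "shell:roles"


def role_for_device(device):
    """Return the one role this device understands, or None if it is unknown."""
    try:
        ip = ipaddress.ip_address(device)
    except ValueError:
        return None
    for network, role in ROLE_BY_NETWORK.items():
        if ip in network:
            return role
    return None


def rewrite_av_pairs(av_pairs, device):
    """Replace every shell:roles pair with the single role for this device.

    Returns None for an unknown device so the caller can deny instead of
    handing out a role by default.
    """
    role = role_for_device(device)
    if role is None:
        return None
    prefixes = (ROLE_ATTR + "=", ROLE_ATTR + "*")
    kept = [p.strip() for p in av_pairs
            if p.strip() and not p.strip().startswith(prefixes)]
    # Optional ("*") form, matching the "optional" keyword in the group config.
    kept.append('%s*"%s"' % (ROLE_ATTR, role))
    return kept


if __name__ == "__main__":
    # Assumed invocation: <script> <device-address>, AV pairs on stdin.
    result = rewrite_av_pairs(sys.stdin.readlines(), sys.argv[1])
    if result is None:
        sys.exit(1)   # assumed convention: 1 = deny
    print("\n".join(result))
    sys.exit(2)       # assumed convention: 2 = permit, use AV pairs from stdout
```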