[tac_plus] Integration between TACACS+ and Cisco ACI
Vladi_slav Vassilev
vladi_slav at abv.bg
Tue Oct 20 09:28:48 UTC 2020
Hello Team,
Could you please help us? We are trying to integrate Cisco ACI with shrubbery TACACS+ (version - tac_plus-4.0.3-2.i386.rpm).
Unfortunately without success. Our TACACS+ config is as follows:
host = EO_devices {
    key = test
    address = 10.10.10.10
}
group = admin_EO_ACI {
    default service = permit
    service = shell {
        set domains=all/read-all
    }
}
user = user {
    member = admin_EO_ACI at EO_devices
In the log we see -
authentication.log:2020-10-20 12:09:58 +0300 10.10.10.10: pap login for 'gosho' from 100.100.100.100 on REST failed (denied)
In Cisco’s doc - https://community.cisco.com/t5/data-center-documents/configuring-tacacs-authentication-to-aci-fabric-with-cisco-acs/ta-p/3228328 -
we see that we need to add the Unix ID after domains=all… We tried; the result was the same:
group = admin_EO_ACI {
    default service = permit
    service = shell {
        domains=all/admin/(16005)
    }
}
BR,
Vlad
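
Added example, not part of the original post and not tac_plus or Cisco code: a small parser that shows how the two `domains=` values above break down, assuming Cisco's documented AV-pair layout `domain/writeRoles/readRoles` with an optional trailing `(UNIX ID)` in the range 16000-23999. The name `parse_domains`, the range constants and the third sample value are this example's own.

```python
import re

# Assumed layout (Cisco's documented AV-pair format, not stated in the post):
#   domain/writeRole1|writeRole2/readRole1|readRole2[,domain/...][(unixId)]
UNIX_ID_MIN, UNIX_ID_MAX = 16000, 23999   # assumed APIC range for remote users
NAME = re.compile(r"[A-Za-z0-9_.-]+")


def parse_domains(value):
    """Split a `domains=` value into per-domain write/read roles and UNIX ID."""
    value = value.strip()
    unix_id = None
    m = re.search(r"\((\d+)\)$", value)
    if m:
        unix_id = int(m.group(1))
        if not UNIX_ID_MIN <= unix_id <= UNIX_ID_MAX:
            raise ValueError(f"UNIX ID {unix_id} outside {UNIX_ID_MIN}-{UNIX_ID_MAX}")
        value = value[:m.start()]
    entries = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split("/")]
        if len(parts) == 2:
            # The post's first value has only two fields; this example
            # treats that leniently as an empty read slot.
            parts.append("")
        if len(parts) != 3 or not NAME.fullmatch(parts[0]):
            raise ValueError(f"expected domain/writeRoles/readRoles, got {item!r}")
        slots = []
        for text in parts[1:]:
            roles = [r for r in text.split("|") if r]
            if not all(NAME.fullmatch(r) for r in roles):
                raise ValueError(f"bad role name in {item!r}")
            slots.append(roles)
        entries.append({"domain": parts[0], "write": slots[0], "read": slots[1]})
    return {"entries": entries, "unix_id": unix_id}


if __name__ == "__main__":
    # The two values from the post, plus a constructed read-only variant.
    for sample in ("all/read-all", "all/admin/(16005)", "all//read-all(16005)"):
        print(sample, "->", parse_domains(sample))
```

Under the assumed layout, the field right after the domain is the write-role slot, so `all/read-all` places `read-all` there and carries no UNIX ID.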