Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x (OL-9285-05)
Chapter 17: Troubleshooting RADIUS and TACACS+
AAA Issues
Send documentation comments to mdsfeedback-doc@cisco.com

Verifying TACACS+ Server Groups Using the CLI
To verify or change the TACACS+ server groups using the CLI, follow these steps:

Step 1 Use the show running-config command to view the TACACS+ configuration for the server groups.
switch# show running-config | begin aaa
aaa group server radius RadiusGroup
    server 10.1.1.1
    server 10.2.3.4
aaa group server tacacs TacacsGroup
    server 11.5.4.3
    server 11.6.5.4
.
.

Step 2 Use the aaa group server tacacs command to configure the TACACS+ servers that you want in this server group.

Note CFS does not distribute AAA server groups. You must copy this configuration to all relevant switches in the fabric.

User Is Not in Any Configured Role
Symptom User is not in any configured role.

Table 17-3 User Is Not In Any Configured Role
Symptom: User is not in any configured role.
Possible Cause: User configuration on AAA server does not have role attributes set.
Solution: For RADIUS, configure the vendor-specific attributes on the server for the role using:
Cisco-AVPair = shell:roles=" rolename1 rolename2"
For TACACS+, configure the attribute and value pair on the server for the role using:
roles=" rolename1 rolename2"
Verify that all roles are defined on the switch.
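Because CFS does not distribute AAA server groups, the groups on each switch have to be compared switch by switch. The following added example (not part of the Cisco guide) parses the aaa group server blocks from saved show running-config output and reports any group whose server list differs between two switches. The two switch outputs and the function names parse_groups and group_drift are constructed for illustration.

```python
import re

# Constructed sample outputs modelled on the listing in Step 1 (not captured
# from real switches). SWITCH_B is missing one TACACS+ server.
SWITCH_A = """\
aaa group server radius RadiusGroup
    server 10.1.1.1
    server 10.2.3.4
aaa group server tacacs TacacsGroup
    server 11.5.4.3
    server 11.6.5.4
"""
SWITCH_B = """\
aaa group server radius RadiusGroup
    server 10.1.1.1
    server 10.2.3.4
aaa group server tacacs TacacsGroup
    server 11.5.4.3
"""

# Assumption: the protocol keyword may appear as "tacacs" or "tacacs+";
# both are accepted and normalised to "tacacs".
GROUP_RE = re.compile(r"^aaa group server (radius|tacacs\+?) (\S+)\s*$")
SERVER_RE = re.compile(r"^\s*server (\S+)\s*$")

def parse_groups(config_text):
    """Return {(protocol, group_name): [servers in configured order]}."""
    groups, current = {}, None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault((m.group(1).rstrip("+"), m.group(2)), [])
            continue
        m = SERVER_RE.match(line)
        if m and current is not None:
            current.append(m.group(1))
        elif line.strip():
            current = None  # any other non-blank line ends the group block
    return groups

def group_drift(reference, other):
    """Map each differing group to (reference_servers, other_servers); None = group absent."""
    keys = sorted(set(reference) | set(other))
    return {k: (reference.get(k), other.get(k)) for k in keys if reference.get(k) != other.get(k)}

if __name__ == "__main__":
    for key, diff in group_drift(parse_groups(SWITCH_A), parse_groups(SWITCH_B)).items():
        print(key, diff)
```

Server order is compared as well as membership, so a reordered list is also reported as drift.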