TACACS+ and RADIUS Attribute Issues
TACACS+ and RADIUS Attribute Issues
Condition
TACACS+ and RADIUS
attributes do not appear on the
Group Setup page.
Novell NDS or Generic LDAP
Group Mapping not working
correctly.
User Guide for Cisco Secure ACS for Windows Server
A-16
Appendix A
Recovery Action
Ensure that you have at least one RADIUS or TACACS+ AAA
client configured in the Network Configuration section and that, in
the Interface Configuration section, you have enabled the attributes
you need to configure.
Some attributes are not customer-configurable in
Note
Cisco Secure ACS; instead, their values are set by
Cisco Secure ACS.
Beginning with Cisco Secure ACS version 2.3, some TACACS+
attributes no longer appear on the Group Setup page. This is because
IP pools and callback supersede the following attributes:
TACACS+
addr
addr-pool
callback-dialstring
Ascend RADIUS
8, Framed-IP-Address
19, Callback-Number
218, Ascend-Assign-IP-Pool
Additionally, these attributes cannot be set via database
synchronization, and ip:addr=n.n.n.n is not allowed as a Cisco
vendor-specific attribute.
Make sure you have correctly configured Group Mapping for the
applicable database. For more information, see
Mappings, page
12-11.
Troubleshooting Information for Cisco Secure ACS
Database Group
78-14696-01, Version 3.1