Cisco 4700M Configuration Manual page 84

Configuring the AAA Server
To configure the TACACS+ role and domain settings on Cisco Secure ACS,
perform the following steps:
Go to the Interface Configuration section of the Cisco Secure ACS HTML
Step 1
interface and access the TACACS+ (Cisco IOS) page. Perform the following
actions:
Step 2 Go to the Advanced Options page of the Interface Configuration section of the
Cisco Secure ACS HTML interface. Perform the following actions:
Go to the User Setup section of the Cisco Secure ACS HTML interface and
Step 3
double-click the name of an existing user that you want to define a user profile
attribute for virtualization. The User Setup page appears.
Under the TACACS+ Settings section of the page, configure the following
Step 4
settings:
•
•
•
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
2-14
Under the TACACS+ Services section of the page, the User column or the
a.
Group column depending on your configuration, check the Shell (exec)
check box.
Under the Advanced Configuration Options section of the page, check
b.
the Display a window for each service selected in which you can enter
customized TACACS+ attributes check box.
Click Submit.
c.
Check the Per-user TACACS+/RADIUS Attributes check box.
a.
Click Submit.
b.
Check the Shell (exec) check box.
Check the Custom attributes check box.
In the text box under the Custom attributes, enter the user role and associated
domain for a specific context in the following format:
shell:<contextname>=<role> <domain1> <domain2>...<domainN>
For example, to assign the selected user to the C1 context with the role
ROLE1 and the domain DOMAIN1, enter shell:C1=ROLE1 DOMAIN1.
You can also substitute an asterisk (*) for the equals sign (=) as follows:
shell:<contextname>*<role> <domain1> <domain2>...<domainN>
Use the above shell string if you are also using Cisco IOS command
authorization.
Chapter 2 Configuring Authentication and Accounting Services
OL-16202-01