Hello Michel,could you be so kind and provide your config ?I,m beginning to test with NCSand AD and it would be easier for me to start with a working config.Best Regards!Juergen
ccie...@gmail.com--
Am Dienstag, 7. August 2012 13:47:29 UTC+2 schrieb Michel:First of all I would like to say thank you for a great product! After trying some other free tacacs servers we've found this one to be the best and most versatile of them especially with regards to Active Directory integration.
For those who might be interested I would like to share a simple service definition for using tac_plus with a Cisco Prime NCS server (formerly Cisco WCS).
In our configuration we have done the service definition under a group but it can also be done directly for a user. Authentication is done via Active Directory.
Tacacs configuration in Cisco Prime NCS is done using PAP as the authentication type with all other setting standard. The task definitions listed below in my example is for a super-user with full access to everything (virtual domains can be added successively below the currently listed two). For other task definitions you can get these from your Cisco Prime NCS server by going to Administration -> AAA -> User Groups and then exporting the task list for the wanted usergroup (you'll need to edit this to add " " to the task names and "set " at the start of the line.
If anyone needs to see the full tac_plus config with AD auth and everything I can provide this (after sanitizing it for sensitive information/IP's)
service = NCS {
default protocol = permit
set role = All
set role0 = Admin
set role1 = "Config Managers"
set role2 = "Super Users"
set role3 = "System Monitoring"
set task0="View Alerts and Events"
set task1="Device Reports"
set task2="RADIUS Servers"
set task3="Network Summary Reports"
set task4="Configure ACS View Servers"
set task5="Run Reports List"
set task6="View CAS Notifications Only"
set task7="Administration Menu Access"
set task8="Monitor Clients"
set task9="Monitor Media Streams"
set task10="Configure Guest Users"
set task11="Configure Lightweight Access Point Templates"
set task12="Monitor Chokepoints"
set task13="Maps Read Write"
set task14="Configure Access Points"
set task15="Virtual Domains List"
set task16="Users and Groups"
set task17="Migration Templates"
set task18="Saved Reports List"
set task19="Monitor Spectrum Experts"
set task20="Configure Autonomous Access Point Templates"
set task21="Audit Trails"
set task22="Client Location"
set task23="Monitor Access Points"
set task24="CleanAir Reports"
set task25="Configure Ethernet Switches"
set task26="Configure Ethernet Switch Ports"
set task27="TACACS+ Servers"
set task28="Autonomous AP Reports"
set task29="Mobility Service Management"
set task30="Performance Reports"
set task31="Help Menu Access"
set task32="Configure Controllers"
set task33="MSAP Reports"
set task34="Monitor Tags"
set task35="Scheduled set tasks and Data Collection"
set task36="Search Access"
set task37="Scheduled Configuration set tasks"
set task38="Configure WIPS Profiles"
set task39="Client Reports"
set task40="Services Menu Access"
set task41="Configure Templates"
set task42="System Settings"
set task43="Report Launch Pad"
set task44="Remove Clients"
set task45="Configure Config Groups"
set task46="Alarm Browser Access"
set task47="Mesh Reports"
set task48="High Availability Configuration"
set task49="License Center"
set task50="Lobby Ambassador Defaults Configuration"
set task51="Monitor Controllers"
set task52="Monitor Security"
set task53="Monitor Menu Access"
set task54="Track Clients"
set task55="Monitor Interferers"
set task56="Configure Switch Location Configuration Templates"
set task57="Configure WiFi TDOA Receivers"
set task58="TAC Case Attachment Tool"
set task59="Voice Audit Report"
set task60="Global SSID Groups"
set task61="Report Run History"
set task62="Compliance Reports"
set task63="Maps Read Only"
set task64="Disable Clients"
set task65="WIPS Service"
set task66="Security Reports"
set task67="Configure Spectrum Experts"
set task68="Appliance"
set task69="View Security Index Issues"
set task70="Home Menu Access"
set task71="ContextAware Reports"
set task72="Monitor WiFi TDOA Receivers"
set task73="Health Monitor Details"
set task74="User Preferences"
set task75="Guest Reports"
set task76="Logging"
set task77="Automated Feedback"
set task78="Identity Search Engine"
set task79="Delete and Clear Alerts"
set task80="Email Notification"
set task81="License Check"
set task82="Rogue Location"
set task83="Identify Unknown Users"
set task84="Reports Menu Access"
set task85="Tools Menu Access"
set task86="Config Audit Dashboard"
set task87="Configure ISE Servers"
set task88="Virtual Domain Management"
set task89="Monitor Ethernet Switches"
set task90="Configure Choke Points"
set task91="RRM Dashboard"
set task92="Planning Mode"
set task93="Configure Menu Access"
set task94="Ack and Unack Security Index Issues"
set task95="Pick and Unpick Alerts"
set task96="Ack and Unack Alerts"
set task97="Auto Provisioning"
set virtual-domain0=ROOT-DOMAIN
set virtual-domain1=Virtual-Domain1
}
-Michel
Hi Michel,
It would be great to get the whole config with AD.
Regards
Juergen
--