Has anyone successfully configured the stingray to authenticate against Cisco ACS and can provide more insight behind whats required with groupsvc and groupfield? The errors I am getting when I leave the defaults on there is this:
Created TACACSPlus connection to
No tacacsplus!fallbackgroup defined
No groups returned by authenticator
Welcom to the Riverbed Communities Site! The fields you are asking about are documented in the STM 8.1 User Guide () on page 232. I have extracted the relevant section below:
TACACS+ authenticators have the following configurable settings:
tacacsplus!server The IP or hostname of the TACACS+ server.
tacacsplus!port The port to connect to the TACACS+ server on.
tacacsplus!timeout The timeout period (in seconds) for a connection to the TACACS+ server.
tacacsplus!secret The secret key shared with the TACACS+ server.
tacacsplus!authtype The authentication type to use. This can be PAP or ACSII.
tacacsplus!groupsvc The TACACS+ "service" that provides each user's group field.
tacacsplus!groupfield The TACACS+ "service" field that provides each user's group.
tacacsplus!fallbackgroup If tacacsplus!groupsvc is not defined, or no group value is provided for the user by the TACACS+ server, the group specified here will be used. If this is not specified, users with no TACACS+ defined group will be denied access.
These setting are used for group membership extraction from ACS and mapping them to STM administration roles. If no groups are returned, there is a fallback group override in the tacacsplus!failbackgroup setting (ie: by default, give admin access to STM, or by default read-only access etc...)
Does this answer your question?
I believe it depends on the type of ser ver your ACS is authenticating against. In my case I'm authenticating through ACS back to Active Directory. For the groupsvc field I entered the AD group I want to allow to connect and left groupfield the default of permission-group