Showing results for 
Search instead for 
Did you mean: 

TACACS+ authentication with Cisco ACS

Not applicable

TACACS+ authentication with Cisco ACS

Has anyone successfully configured the stingray to authenticate against Cisco ACS and can provide more insight behind whats required with groupsvc and groupfield? The errors I am getting when I leave the defaults on there is this:


Created TACACSPlus connection to

Authentication SUCCEEDED

 No tacacsplus!fallbackgroup defined

 No groups returned by authenticator

Frequent Contributor

Re: TACACS+ authentication with Cisco ACS


  Welcom to the Riverbed Communities Site!  The fields you are asking about are documented in the STM 8.1 User Guide () on page 232.  I have extracted the relevant section below:


TACACS+ Authenticators

TACACS+ authenticators have the following configurable settings:

tacacsplus!server The IP or hostname of the TACACS+ server.
tacacsplus!port The port to connect to the TACACS+ server on.
tacacsplus!timeout The timeout period (in seconds) for a connection to the TACACS+ server.
tacacsplus!secret The secret key shared with the TACACS+ server.
tacacsplus!authtype The authentication type to use. This can be PAP or ACSII.
tacacsplus!groupsvc The TACACS+ "service" that provides each user's group field.
tacacsplus!groupfield The TACACS+ "service" field that provides each user's group.
tacacsplus!fallbackgroup If tacacsplus!groupsvc is not defined, or no group value is provided for the user by the TACACS+ server, the group specified here will be used. If this is not specified, users with no TACACS+ defined group will be denied access.

These setting are used for group membership extraction from ACS and mapping them to STM administration roles. If no groups are returned, there is a fallback group override in the tacacsplus!failbackgroup setting (ie: by default, give admin access to STM, or by default read-only access etc...)


Does this answer your question?

Aidan Clarke
Pulse Secure vADC Product Manager
Not applicable

Re: TACACS+ authentication with Cisco ACS

I am getting the same error message. Can you please share if you were able to fugure out what goes into groupsvc and groupfield?

Not applicable

Re: TACACS+ authentication with Cisco ACS

I believe it depends on the type of ser ver your ACS is authenticating against. In my case I'm authenticating through ACS back to Active Directory.  For the groupsvc field I entered the AD group I want to allow to connect and left groupfield the default of permission-group