Aruba Employee
Posts: 64
Registered: ‎04-07-2007

TACACS on Clear Pass -Authentication privilege level mismatch

Trying to get TACACS configured with AD group auth.


I have the users in the group defined 


But I keep hitting this error...


Error Category: Tacacs authentication
Error Code: Authentication privilege level mismatch
Alerts for this Request:
Tacacs server: Requested priv_level=[01] greater than Max Allowed priv_level=[00]
Posts: 1,526
Registered: ‎06-12-2012

Re: TACACS on Clear Pass -Authentication privilege level mismatch

You need to make sure you modify your policy (Configuration » Enforcement » Policies » Edit - [Admin Network Login Policy]) and add your AD group settings in to the corresponding privilege level.


Just make it a copy of the original policy and modify the copy...

Thank You,

Contributor II
Posts: 48
Registered: ‎12-17-2012

Re: TACACS on Clear Pass -Authentication privilege level mismatch

I am having exactly the same problem with the mismatched privilege levels.


However, I am not sure how to solve this. I have copied the original [Admin Network Login Policy], but how do I set the corresponding privilege level within the policy?

Guru Elite
Posts: 19,983
Registered: ‎03-29-2007

Re: TACACS on Clear Pass -Authentication privilege level mismatch

That is configured in the Enforcement Profile.  Create a new TACACS enforcement profile and reference it in the enforcement policy.

Colin Joseph
Aruba Customer Engineering

Contributor I
Posts: 31
Registered: ‎01-03-2014

Re: TACACS on Clear Pass -Authentication privilege level mismatch

Thanks for the post, guys; this was helpful in getting this issue resolved. I did things a bit differently: instead of putting my Authorization in the Enforcement, I used a Role for Authorization and associated a TACACS role that was created with elevated permissions. In the enforcement section I just used the TIPS to associate the role that was determined, and it applies the Super Admin TACACS profile.


Once completed, everything worked as necessary, and I just cloned the default service and appended my Roles / Enforcement policies to the cloned profile so everything was retained.

Justin Kwasnik | ACMX# 598 ACCP