01-07-2013 04:02 PM
Trying to get TACACS configured with AD group auth.
I have the users in the group defined.
But I keep hitting this error...
Authentication privilege level mismatch
Tacacs server: Requested priv_level= greater than Max Allowed priv_level=
01-07-2013 04:16 PM
You need to make sure you modify your policy (Configuration » Enforcement » Policies » Edit - [Admin Network Login Policy]) and add your AD group settings in to the corresponding privilege level.
Just make it a copy of the original policy and modify the copy...
04-08-2013 01:58 AM
I am having exactly the same problem with the mismatched privilege levels.
However, I am not sure how to solve this. I have copied the original [Admin Network Login Policy], but how do I set the corresponding privilege level within the policy?
04-11-2013 03:53 PM
That is configured in the Enforcement Profile. Create a new TACACS enforcement profile and reference it in the enforcement policy.
Aruba Customer Engineering
09-26-2014 12:44 PM
Thanks for the post, guys; this was helpful in getting this issue resolved. I did things a bit differently: instead of putting my Authorization in the Enforcement, I used a Role for Authorization and associated a TACACS role that was created with elevated permissions. In the enforcement section I just used the TIPS to associate the role that was determined, and it applies the Super Admin TACACS profile.
Once completed, everything worked as necessary, and I just cloned the default service and appended my Roles / Enforcement policies to the cloned profile so everything was retained.