Hello Everyone,
I am working to create a TACACS Service for Silverpeak Admin access. I have create a TACACS dictionary, and i am able to assign the role of admin or monitor. I base this on AD Group membership.
The default enforcement profile in my policy is [TACACS Deny Profile]. If a user authenticates successfully, and does not get a role of SLVP_admin or SLVP_view they are assigned the enforcment profile [TACACS Deny Profile].
However, they are still authenticated and put in to the default user role as defined in silverpeak. The default user role can only be admin or monitor, there is no deny option in SilverPeak.
So as a test I created a new enforcement profile based on silverpeak:ip with role=deny, however it still hits the default role and grants access.
How can i force a deny on TACACS to silverpeak? It seems if they user gets authenticated successfully, role mapping/enforcement does not deny them access.
Thanks,
_ELiasz