Occasional Contributor II

TACACS Role Mapping using Authorization Attributes From AD

First off, I am new to using CPPM as a TACACS server but have been using it for RADIUS for a little while.


I am trying to use Authorization Attributes from active directory to map roles and then use those tips roles to enforce different profiles. I am already doing this on the RADIUS side to push down wireless roles to controllers. Now I'm trying my hand at TACACS


I have read a handful blog posts, watched videos, and used ASE templates but for some reason Authorization Attributes never shows up in the Request tab in the log. If reference AD Authorization Attributes in the Enforcement Policy magically it shows in the log, but still has no effect on the Role Mapping. 


I have looked through my AD server in Authentication Sources and I have "Used for Authorization" checked (all this is working for RADIUS)


I'm at a loss and thought I would start here before TAC



Re: TACACS Role Mapping using Authorization Attributes From AD

Could you share the tacacs service configuration here? Screen captures will do.

Thank you,
Saravanan Rajagopal

**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the post.

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP Expert

Re: TACACS Role Mapping using Authorization Attributes From AD

They won't show up in Access Tracker if you're not addressing/using them in some way. So define a Role Mapping to your Service where you pick up on type "Authorization:MYAD:memberof", do a TACACS auth from your device and you should see all the available attributes in your Access Tracker entry.

John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: