Senario
Useing TACACS for Mgnt user access I always get root access regardless of what is sent back from CPPM - read-only does not work as it should.
I have a controller running AOS 6.1.34, Configured for TACACS to auth the mgmt users
---------------- AOS config --------------
aaa authentication-server tacacs "10.254.5.21"
host 10.254.5.21
key b8059de7fd5ba7390bf9256f791c9d61d2b11b7e69e07117
session-authorization
!
aaa authentication mgmt
server-group "tacacs"
enable
!
---------- end AOS config -------\
On ClearPass I can see the Auth request hit access tracker and I see that it is useing the standard [Aruba TACACS Read-Only Access] enforcement profile
for a user that is not an admin I get full access when I log into the controller. When I use an admin account it works as expected
Questions:
1. What is the logging to see the Admin user log in and the attributes sent back from ClearPass to confirm that the controller is receivig what Access tracker says is sent.
2. Did I miss something in the config ?