There are many configuration guides on the Cisco website with details about configuring RADIUS and TACACS+ on a Cisco Firepower Chassis Manager. See this link for the configuration guide for 2.0(1).
In this document, you can read the following comment:
|Remote User Role Policy
||Controls what happens when a user attempts to log in and the remote authentication provider does not supply a user role with the authentication information:
- Assign Default Role—The user is allowed to log in with a read-only user role.
- No-Login—The user is not allowed to log in to the system, even if the username and password are correct.
But… it’s very hard to find what attributes are needed to assign a user the administrator role.
It took some time this morning for configuring a RADIUS or TACACS server for management access to a Cisco WLC. So, let’s write a short how-to:
- Login into the WLC and click Security – AAA – TACACS+ (or Radius) – Authentication
- Click New and enter:
- Server IP Address – IP address of the TACACS server
- Shared secret – The configured shared secret on the TACACS server
- If you’re using TACACS, click Authorization and enter the same Server IP address and Shared Secret. Configuring accounting is optional
- Click Security – Priority order – Management user and make sure TACACS (or radius) is in top of the list