11-20-2017 07:21 AM - edited 02-21-2020 10:39 AM
Hi all,
I got an issue with an ISE, I was trying to configure AV-pair to authenticate my Cisco ACI APIC users from the ISE and when I created a new TACACS profile I got an error saying "Passed values may compromise the security of ISE. Please remove malicious scripting terms", but no one of the profiles appear in the screen and I cant delete the created profile.
I used 2 of the recommendations of the article: b_APIC_Basic_Config_Guide_2_x.pdf. I used the "shell:domains = all/admin/" and one that says " shell:domains = all/admin|read-all|read-all(16001) "before that pop up start appearing.
I tried creating another profile with the same name and even realoading the ISE but the error remains, did some one knows what can i do?
Thanks at advance. I attached a screenshot of the issue
Solved! Go to Solution.
11-21-2017 12:42 PM
Hi all, just found how I can get rid of that error, it seems is a Bug (CSCve33558) and the workaround can be found here -> https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve33558/
Just in case someone has issues with this, in this implementation we applied the workaround and the error message dissapear but the TACACS auth stopped working, for some reason the Authentication Policy changed the ID store to another one and we should return it to the correct one.
Hope this helps if anyone has the same case.
11-21-2017 12:42 PM
Hi all, just found how I can get rid of that error, it seems is a Bug (CSCve33558) and the workaround can be found here -> https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve33558/
Just in case someone has issues with this, in this implementation we applied the workaround and the error message dissapear but the TACACS auth stopped working, for some reason the Authentication Policy changed the ID store to another one and we should return it to the correct one.
Hope this helps if anyone has the same case.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide