AAA enable password authentication failed

[X-MaaN]

Sponsored Links

Hello there! Configuring AAA on 1841 router, at first it confirms me well utilizing my TACAS+ login. Anyhow however I have designed empower password in router straight puts me in benefit mod without inquiring password. Can somebody encourage me to troubleshoot this?

Code:

my configurations for AAA as below:

aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 0 ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting commands 1 ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+

[Candace]

I think when I did this with RADIUS is was a setting on the RADIUS server that I had to set to tell the router to concede privilege access. I'd begin with taking a gander at your TACACS server for the setting.

[Sabastiaan]

My Radius Configurations are as follows: It's the Cisco-AVpair line that does it-

Code:

server ~ # cat /etc/raddb/users
username               Cleartext-Password := "letmein"
                             Service-Type = Nas-Prompt-User,
                             Cisco-Avpair = "shell:priv-lvl=15"

[Amie]

This is what I was intuition. In the event that you have ' privilege level 15' in the vty line arrangement and your username is arranged with this priv. level then when you mark in you will mark in at priv-exec.

[HiSpeed]

Here are my entire users DataBase:

Code:

server ~ # cat /etc/raddb/users
username               Cleartext-Password := "letmein"
                Service-Type = Nas-Prompt-User,
                Cisco-Avpair = "shell:priv-lvl=15"

rview           Cleartext-Password := "rview"
                Service-Type = NAS-Prompt-User,
                cisco-avpair = "shell:priv-lvl=0"

DEFAULT         Group == "disabled", Auth-Type := Reject
                Reply-Message = "Your account has been disabled."

___AND___

Code:

aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication login CON group radius local none
aaa authorization exec default group radius local
!
line con 0
privilege level 15
logging synchronous
login authentication CON

My user gets in fine at level 15, and the user goes in at user mode, and needs to drop in the empower secret word to empower up. But also for enjoyment, I actually attempted it with and without the concession level 15. It had no impact either way.

[teenQ]

I did connected ACS gather under VTY line, misguided. This was my new AAA unique-model. What I need after all it will put me in priv-exc model if my TACACS id is arranged for level 15. Abnormal is that, I connected same sets of AAA summons on switches too, but it do request from me prepare secret key.