AAA enable password authentication failed
Hello there! Configuring AAA on 1841 router, at first it confirms me well utilizing my TACAS+ login. Anyhow however I have designed empower password in router straight puts me in benefit mod without inquiring password. Can somebody encourage me to troubleshoot this?
Code:
my configurations for AAA as below:
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 0 ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting commands 1 ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
Re: AAA enable password authentication failed
I think when I did this with RADIUS is was a setting on the RADIUS server that I had to set to tell the router to concede privilege access. I'd begin with taking a gander at your TACACS server for the setting.
Re: AAA enable password authentication failed
My Radius Configurations are as follows: It's the Cisco-AVpair line that does it-
Code:
server ~ # cat /etc/raddb/users
username Cleartext-Password := "letmein"
Service-Type = Nas-Prompt-User,
Cisco-Avpair = "shell:priv-lvl=15"
Re: AAA enable password authentication failed
This is what I was intuition. In the event that you have ' privilege level 15' in the vty line arrangement and your username is arranged with this priv. level then when you mark in you will mark in at priv-exec.
Re: AAA enable password authentication failed
Here are my entire users DataBase:
Code:
server ~ # cat /etc/raddb/users
username Cleartext-Password := "letmein"
Service-Type = Nas-Prompt-User,
Cisco-Avpair = "shell:priv-lvl=15"
rview Cleartext-Password := "rview"
Service-Type = NAS-Prompt-User,
cisco-avpair = "shell:priv-lvl=0"
DEFAULT Group == "disabled", Auth-Type := Reject
Reply-Message = "Your account has been disabled."
___AND___
Code:
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication login CON group radius local none
aaa authorization exec default group radius local
!
line con 0
privilege level 15
logging synchronous
login authentication CON
My user gets in fine at level 15, and the user goes in at user mode, and needs to drop in the empower secret word to empower up. But also for enjoyment, I actually attempted it with and without the concession level 15. It had no impact either way.
Re: AAA enable password authentication failed
I did connected ACS gather under VTY line, misguided. This was my new AAA unique-model. What I need after all it will put me in priv-exc model if my TACACS id is arranged for level 15. Abnormal is that, I connected same sets of AAA summons on switches too, but it do request from me prepare secret key.
