I have AAA working on a switch in my network.
The problem I have is when a user fails the password authentication with a known LDAP user, it prompts them for the enable password. If that user enters the enable password, they are then logged into the switch.
I would like for the enable password prompt to only come up if the AAA server is unavailable. Oddly enough, if I were to type in a user that doesn't exist in our LDAP tree, and type a bogus password, the enable password prompt never comes up.
User Joe (in LDAP tree)
password: <mistypes password>
enable password: <---they can now enter the enable password here
User Jimmy (not in LDAP tree)
password: <---anything, because Jimmy isn't in tree
username: <--prompts for username again
Regardless of whether they are in the tree or not, I want it to prompt for the username and force them to log in through LDAP.
Any suggestions? Thanks in advance.