AAA auth with ip http server not working

Unanswered Question
Apr 18th, 2007

Hi all,

I am unable to get ip http server to authenticate against tacacs. attached is the debug output when logging in with the user "mark".

Router config:

aaa new-model

aaa authentication login default group tacacs+ local enable

aaa authentication login ALREADY-IN none

aaa authentication login web group tacacs+ local enable

aaa authorization exec web group tacacs+ local if-authenticated

aaa session-id common

ip http server

ip http authentication aaa login-authentication web

ip http authentication aaa exec-authorization web

the priv-lvl 15 attribute is being sent, but IP HTTP Auth fails.. any ideas why?



Update: Fixed it! I believe the access-enable autocommand was the cause!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Vivek Santuka Thu, 04/19/2007 - 05:46


I have seen that additional attributes such as "access-enable timeout 1920" would not allow http authentication to work with certain IOS versions.




This Discussion