I am using Cisco Secure ACS and have everything up and running. I configured my 3560 switch with TACACS+ info and it works when I console into it and use my login name, but when I telnet into it from another switch it gives me an "authorization failure". I don't know if I'm missing one line in my switch configuration or if it's something wrong with the TACACS server. Can anyone help?
I believe that this line in the config is initiating the authorization:
aaa authorization exec default group tacacs+ if-authenticated
If the server is not authorizing, I would start by checking how the userID is configured on the TACACS server. I am guessing that something in the definition is interpreted by TACACS as not allowing creation of an exec process for this userID.
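
Added example, not part of the original posts: an IOS configuration sketch around the authorization line quoted above, with the debug commands that show what the server returns for the telnet login. The server address, the key and the authentication line are assumptions; only the `aaa authorization exec` line comes from the thread.

```cisco
! Constructed example; 192.0.2.10 and <shared-key> are placeholders.
aaa new-model
tacacs-server host 192.0.2.10 key <shared-key>
! Assumed authentication method list (not shown in the thread).
aaa authentication login default group tacacs+ local
!
! Exec authorization: ask TACACS+ first. "if-authenticated" is only
! tried when the server does not answer; an explicit FAIL from the
! server ends the attempt with an authorization failure.
aaa authorization exec default group tacacs+ if-authenticated
!
! IOS does not apply exec authorization to the console unless
! "aaa authorization console" is configured, so a console login can
! succeed while a vty (telnet) login for the same user is refused.
line vty 0 4
 login authentication default
 authorization exec default
!
! From a console session, watch the exchange while repeating the
! telnet login:
!   debug aaa authorization
!   debug tacacs
! Turn the debugs off afterwards:
!   undebug all
```

If the debug output shows the server answering the authorization request with a failure, the user or group definition on the TACACS server is the place to look, as the reply above suggests.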