07-12-2007 05:57 AM - edited 03-10-2019 03:16 PM
I have configured some of our network devices to authenticate to our TACACS server. Some of the network engineers have asked me to see if I can come up with a way that they don't have to type in their password twice on the network devices. I saw a different thread, and I followed what was stated in there; however, I still have to type in my password twice. I have made sure that the shell privilege level is set for 15. Anyone have any ideas?
Attached is the related router config.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
tacacs-server host 172.20.62.208
tacacs-server host 172.20.62.191
tacacs-server key 7 <omitted>
Thanks for the help.
07-12-2007 05:59 AM
Remove the command -
aaa authentication enable default group tacacs+ enable
Hope this helps,
Soumya
07-12-2007 06:45 AM
07-12-2007 06:50 AM
First of all, if you have the exec command and shell priv option checked, you should be at the # prompt; you should not be falling into user> mode. Please send the following debugs when trying authentication.
-debug aaa authentication
-debug aaa authorization
-debug tacacs
Thanks
Parminder
07-12-2007 06:51 AM
Hi,
What is the IOS ver you have on the box? Please make sure that the attachment is from tacacs 172.20.62.208 and not the other one.
Make sure that you are a part of the group on which the changes have been made. Also check if you have anything set at user level.
Regards,
~JG
07-12-2007 06:03 AM
07-12-2007 06:04 AM
Hi,
No need to do enable authentication.
Please take that out and it will work fine.
Regards,
~JG
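The following Python example is added here and was not written by any poster in this thread. It parses the AAA method lists from the question's config and lists the password prompts a vty user meets on the way to privileged EXEC. `server_priv_lvl` is a hypothetical parameter standing for the priv-lvl the TACACS+ server returns during exec authorization, and the model assumes the default line privilege level of 1.

```python
import re

# Constructed sample: the AAA lines from the router config posted in the question.
QUESTION_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
"""

AAA_LINE = re.compile(r"^aaa (authentication|authorization) "
                      r"(login|enable|exec|commands \d+) (\S+) (.+)$")

def parse_method_lists(config):
    """Map (kind, service, list name) to its methods, in the order IOS tries them."""
    lists = {}
    for raw in config.splitlines():
        m = AAA_LINE.match(" ".join(raw.split()))  # normalise whitespace first
        if not m:
            continue
        kind, service, name, rest = m.groups()
        # "group tacacs+" is one method; every other keyword stands alone.
        lists[(kind, service, name)] = re.findall(r"group \S+|\S+", rest)
    return lists

def password_prompts(config, server_priv_lvl):
    """Return [(prompt, methods)] for a vty user who wants privileged EXEC.

    server_priv_lvl: hypothetical input, the priv-lvl the TACACS+ server
    returns during exec authorization (set on the server, not on the router).
    """
    lists = parse_method_lists(config)
    prompts = [("login", lists.get(("authentication", "login", "default"), []))]
    # Without exec authorization the session starts at the line default (assumed 1).
    exec_authz = ("authorization", "exec", "default") in lists
    start_level = server_priv_lvl if exec_authz else 1
    if start_level < 15:
        # With no enable method list, IOS checks only the local enable password.
        enable = lists.get(("authentication", "enable", "default"), ["enable"])
        prompts.append(("enable", enable))
    return prompts

if __name__ == "__main__":
    for lvl in (1, 15):
        print(lvl, password_prompts(QUESTION_CONFIG, lvl))
```

In this model the second prompt disappears only when exec authorization starts the session at level 15; with the enable method list removed, a session that starts below 15 is still prompted and the local enable password is what gets checked.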