07-31-2007 02:06 AM - edited 03-10-2019 03:18 PM
Hi,
We have PIX 535 with Version 6.3(4). We have TACACS server running on LINUX.
The configuration that we have done for authenticating through PIX is as below:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (inside) host 172.17.96.198 cisco timeout 5
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+
When we telnet to the PIX, the username and password are first taken from the TACACS server. But the enable password is not being accepted.
And after removing aaa authentication enable console TACACS+ we can log in using the enable password configured locally on the PIX.
But we want total control through TACACS.
Is there any way around this?
Thanks in advance.
07-31-2007 03:02 AM
Hi,
On the TACACS server, go to the user properties and configure the TACACS enable authentication options to pick the user PAP password. This configuration is missing from the TACACS server.
~Rohit
07-31-2007 03:29 AM
Hi,
Thanks for your response.
As I said earlier, we have TACACS running on LINUX. Also, we don't have any GUI running.
Let me know what can be done in this situation.