IOS 12.4 enable authentication TACACS+ failing on $enab15$!!

Aug 9th, 2007

Hi,

We have a Cisco router running IOS 12.4 set up for AAA authentication login default TACACS+... telnet login works fine with the TACACS+ user. We also have aaa authentication enable default TACACS+ configured and allowed Cisco PAP password for the user. Now when the authenticated TACACS+ user tries to enable, an authentication error happens, and the logs/debug + ACS 3.2 (T+ server) show unknown user $enab15$. Can anyone suggest why this is happening, when the user shown should be the same user who had gone into user mode and was now trying enable? Pointers appreciated.

Premdeep Banga Thu, 08/09/2007 - 07:17

It's a bug,


If you are on 12.4(13) go to 12.4(13a)


Regards,

Prem

maheshbalasub75 Thu, 08/09/2007 - 07:22

Hi, thanks for that... we are in a severely change/release-controlled environment... does that mean it is a bug? We have another IOS 12.4(13)... it works fine... that is strange. Is it supposed to behave this way? Is there any workaround?


Thanks

Premdeep Banga Thu, 08/09/2007 - 07:27

CSCsh76038 & CSCin98780, check their details,


The workaround that I can suggest is to skip the enable authentication and go directly to privileged EXEC mode using the command,


aaa authorization exec default group tacacs+ local


And specify the privilege level on ACS i.e. check "Shell" and "Privilege Level" with value of the privilege like 2, 15 etc.


Regards,

Prem

maheshbalasub75 Thu, 08/09/2007 - 07:28

Just adding: is there a Cisco BID equivalent listed somewhere for justifying this?

Appreciate help

maheshbalasub75 Thu, 08/09/2007 - 07:41

Yikes, we have user groups and device groups, with routers mapped to the appropriate privileges... works fine for all but... how do we work around this now?


Thanks

Premdeep Banga Thu, 08/09/2007 - 15:28

Get an insight by an expert.


I won't suggest anything to you at this point, as it would require having your topology details, and if you cannot go to the fixed version as stated by the bug, and some are working and some are not.


I think, someone needs to understand the whole situation in depth, before going for any kind of work around.


Regards,

Prem
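
To see which routers are affected when, as in this thread, some devices work and some do not, the TACACS+ server's failed-attempts log can be grouped by sending device for the `$enab15$` username. This is an added example, not part of the original thread or any Cisco tool; the CSV column layout, the constructed sample rows and the `$enab<level>$` pattern for levels other than 15 are assumptions.

```python
import csv
import io
import re

# Constructed sample rows; the column layout is an assumption, adjust to your export.
SAMPLE_LOG = """\
Date,Time,Message-Type,User-Name,Authen-Failure-Code,NAS-Port,NAS-IP-Address
08/09/2007,07:01:12,Authen failed,$enab15$,CS user unknown,tty66,198.51.100.1
08/09/2007,07:01:40,Authen failed,jdoe,CS password invalid,tty66,198.51.100.2
08/09/2007,07:03:05,Authen failed,$enab15$,CS user unknown,tty67,198.51.100.1
08/09/2007,07:05:59,Authen failed,$enab15$,CS user unknown,tty66,198.51.100.3
"""

# Matches the placeholder username from the thread; other levels are an assumption.
ENABLE_PLACEHOLDER = re.compile(r"^\$enab(\d{1,2})\$$")


def affected_devices(log_text):
    """Group failed attempts for $enab<level>$ by the device that sent them."""
    devices = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        match = ENABLE_PLACEHOLDER.match((row.get("User-Name") or "").strip())
        if not match:
            continue  # a real username failing is a different problem
        nas = (row.get("NAS-IP-Address") or "unknown").strip()
        seen = f'{row.get("Date", "")} {row.get("Time", "")}'.strip()
        entry = devices.setdefault(
            nas, {"count": 0, "levels": set(), "first": seen, "last": seen})
        entry["count"] += 1
        entry["levels"].add(int(match.group(1)))
        entry["last"] = seen  # rows are assumed to be in time order
    return devices


if __name__ == "__main__":
    for nas, info in sorted(affected_devices(SAMPLE_LOG).items()):
        levels = ",".join(str(level) for level in sorted(info["levels"]))
        print(f'{nas}: {info["count"]} enable failures (level {levels}), '
              f'{info["first"]} .. {info["last"]}')
```

The resulting device list can be compared against the IOS versions in the inventory before requesting a change for the fixed release.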
