
IOS 12.4 enable authentication TACACS+ failing on $enab15$!!

maheshbalasub75
Level 1

Hi,

We have a Cisco router running IOS 12.4 set up for AAA authentication login default TACACS+... Telnet login works fine with the TACACS+ user. We also have aaa authentication enable default TACACS+ configured and allowed Cisco PAP password for the user. Now when the authenticated TACACS+ user tries to enable, an authentication error happens, and the logs/debug + ACS 3.2 (T+ server) show unknown user $enab15$. Can anyone suggest why this is happening, when the user shown should be the same user who had gone into user mode and was now trying enable? Pointers appreciated.

6 Replies

Premdeep Banga
Level 7

It's a bug.

If you are on 12.4(13) go to 12.4(13a)

Regards,

Prem

Hi, thanks for that... we are in a severely change/release controlled environment... does that mean it is a bug! We have another IOS 12.4(13)... it works fine... that is strange. Is it supposed to behave this way? Is there any workaround?

Thanks

CSCsh76038 & CSCin98780, check their details.

The workaround that I can suggest is to skip the enable authentication and go directly to privileged exec mode using the command:

aaa authorization exec default group tacacs+ local

And specify the privilege level on ACS i.e. check "Shell" and "Privilege Level" with value of the privilege like 2, 15 etc.

Regards,

Prem

Just adding: is there a Cisco BID equivalent listed somewhere for justifying this???

Appreciate help

Yikes, we have user groups and device groups, routers mapped with appropriate privileges... works fine for all but... how do we work around now???

Thanks

Get an insight by an expert.

I won't suggest you anything at this point, as it would require to have your topology details, and if you cannot go to the fixed version as stated by bug, and some are working and some are not.

I think, someone needs to understand the whole situation in depth, before going for any kind of work around.

Regards,

Prem