username in accounting report

Unanswered Question
Aug 22nd, 2007

Hello, i wonder how could i get accounting of who get in asa n what have he done to asa.

I already input :

aaa accounting command <group>

aaa accounting enable console <group>

aaa accounting telnet console <group>

And i can see who login in tacac+ accounting.

But i can't see who have input command in tacac+ administration. I just see enable_15 as the username.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Thu, 08/23/2007 - 05:02

Chris,

You need to add this command,

aaa authentication enable console LOCAL

That should fix the issue.

~Regards

~JG

Charles_Chi4 Fri, 08/24/2007 - 00:25

i've tried to add that command, but after that no one can login. I have to block asa connection to ACS so it could revert to local authentication.

Is there any solution?

Premdeep Banga Fri, 08/24/2007 - 04:09

whenever we do enable authentication, you also need to, on ACS on user accounts , check the appropriate option for "TACACS+ Enable Password"

under "Advanced TACACS+ Settings"

By default its, "Use separate password" which is blank.

So if your user account is local on ACS use "Use CiscoSecure PAP password" or if you are being authenticated from some external database check "Use external database password".....

If you are not able to see the option, the enable it from Interface Configuration > Advanced Option section.

then you'll be able to log into enable mode, and see who made the changes in the logs.

Regards,

Prem

Actions

This Discussion