FWSM not accessible with local accounts if AAA is configured

Answered Question
Jan 31st, 2008

I do have an issue that I am not able to log in with telnet to our FWSM with a local account created in the system context.


Let's say I have an account usera with password 12345 and I do have AAA configured with LOCAL added as well.


When I try to log in I see the login on the ACS as failed which is correct but then it should check the local database and see that this user exists and should let me in.


Does anybody have an idea what could be the problem?

Correct Answer by Fernando_Meza about 9 years 1 month ago

Hi ..


It sounds like you have configured AAA using two methods of authentication (RADIUS or TACACS and LOCAL). If that is correct, then be aware that LOCAL authentication will be checked only if the server(s) referred to by the first method of authentication (the ACS in your case) is unavailable. The second authentication method (LOCAL in your case) will not be checked if the FWSM can contact the ACS server.


I hope it helps .. please rate it if it does !!!



Overall Rating: 5 (1 ratings)
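
The behaviour described in the answer, as a small model (an added example, not Cisco code and not part of the original thread): a reject from a reachable ACS is final, and LOCAL is consulted only when the ACS gives no answer. The `admin1` account and all function names are hypothetical.

```python
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    UNREACHABLE = "unreachable"   # timeout, no reply from the server


# Constructed sample data; "usera"/"12345" is the account from the question.
LOCAL_DB = {"usera": "12345"}
ACS_DB = {"admin1": "s3cret"}     # hypothetical account that exists on the ACS only


def acs_method(reachable):
    """Model of the server-group method (RADIUS/TACACS+ towards the ACS)."""
    def check(user, password):
        if not reachable:
            return Result.UNREACHABLE
        return Result.ACCEPT if ACS_DB.get(user) == password else Result.REJECT
    return check


def local_method(user, password):
    """LOCAL database: always reachable, so it only accepts or rejects."""
    return Result.ACCEPT if LOCAL_DB.get(user) == password else Result.REJECT


def authenticate(methods, user, password):
    """Walk the method list; move on only when a method gives no answer."""
    for name, check in methods:
        result = check(user, password)
        if result is Result.UNREACHABLE:
            continue                          # the only trigger for fallback
        return result is Result.ACCEPT, name  # a REJECT is final
    return False, None                        # no method could answer


def login(acs_reachable, user, password):
    """Evaluate the two-method list from the thread: ACS first, then LOCAL."""
    methods = [("ACS", acs_method(acs_reachable)), ("LOCAL", local_method)]
    return authenticate(methods, user, password)


if __name__ == "__main__":
    print(login(True, "usera", "12345"))    # ACS up: rejected, LOCAL never asked
    print(login(False, "usera", "12345"))   # ACS down: LOCAL decides
```

The first call reproduces the symptom in the question: the ACS logs a failed attempt and the local account is never consulted.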