03-13-2008 01:53 PM - edited 03-10-2019 03:43 PM
What is the command so that when the username + password cannot be found in the Microsoft ISA Server, the PIX will look at the local database?
This command works in the router, but I cannot seem to find the equivalent for the PIX.
aaa authentication login default local group tacacs+
Basically, does the PIX ASA 8.0 support multiple authorization commands?
Thank you very much for your help.
03-14-2008 04:35 AM
On a router, "aaa authentication login default local group tacacs+" will ALWAYS use the local user DB, never tacacs.
"aaa authentication login default group tacacs+ local" will first try tacacs and only if the tacacs server is not responding, use the local DB. Note that if the tacacs DOES respond but rejects the authentication attempt (user does not exist or wrong password), the router will NOT use the local DB.
That said, on pix/asa you can do the same, e.g.:
aaa-server TPLUS protocol tacacs+
aaa-server TPLUS (management) host 10.0.0.1
aaa authentication telnet console TPLUS LOCAL
hth
H
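An added example, not part of the original replies and not Cisco tooling: a small Python check that reads `aaa authentication` lines in the router and PIX/ASA syntaxes shown above and reports the method order, applying the ordering rule as the reply states it. The sample lines, function names and verdict names are constructed for illustration.

```python
import re

# Constructed sample lines for illustration; not taken from a real device.
SAMPLE = """\
aaa authentication login default local group tacacs+
aaa authentication login default group tacacs+ local
aaa authentication login VTY group tacacs+
aaa-server TPLUS protocol tacacs+
aaa authentication telnet console TPLUS LOCAL
aaa authentication ssh console TPLUS
"""

IOS_LOGIN = re.compile(r"^aaa authentication login (\S+) (.+)$")
ASA_CONSOLE = re.compile(r"^aaa authentication (\S+) console (\S+)(?: (LOCAL))?$")

def ios_methods(text):
    """Tokenise a router method list: 'group tacacs+ local' -> ['group', 'local']."""
    words, kinds, i = text.split(), [], 0
    while i < len(words):
        kinds.append(words[i])
        i += 2 if words[i] == "group" else 1   # skip the server group name
    return kinds

def classify(kinds):
    """kinds is the ordered list of method types on one line."""
    if "group" not in kinds:
        return "no-server-group"
    if "local" not in kinds:
        return "no-local-fallback"    # nothing to fall back to if the server is down
    if kinds.index("local") < kinds.index("group"):
        return "local-first"          # the order the reply above warns about
    return "server-then-local"        # local DB used only if the server is silent

def audit(config):
    """Return (line, verdict) for every authentication line found."""
    results = []
    for line in map(str.strip, config.splitlines()):
        ios, asa = IOS_LOGIN.match(line), ASA_CONSOLE.match(line)
        if ios:
            results.append((line, classify(ios_methods(ios.group(2)))))
        elif asa:
            kinds = ["local"] if asa.group(2) == "LOCAL" else ["group"]
            if asa.group(3):
                kinds.append("local")
            results.append((line, classify(kinds)))
    return results

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"{verdict:18} {line}")
```
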
03-27-2008 12:06 PM
Thank you very much, that helped a lot!