04-04-2008 12:15 AM - edited 03-10-2019 03:45 PM
Hi Friends,
I have a ACS appliance 1113 with ACS 4.1 software loaded in my network. Issue what iam facing is i can see the failed, passed authentication and accounting logs but tacacs administration logs file is blank... below is my aaa client configuration
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
any help is highly appreciated.
Regards
Ravi
04-04-2008 12:54 AM
Hi there, I ran into a similar problem ,and added the following line as well:
aaa accounting exec default start-stop group tacacs+. This is so I can see accounting logs.
As for administration logs to log the commands, i needed to install a patch onto my ACS 4.1 Appliance.
I suggest you install the following patch: applAcs-4.1.1.23.5.zip
This resolves bug CSCsg97429 - TACACS+ Command Accounting does not work in ACS 4.1(1) Build 23.
Take care and i hope this resolves your problem.
04-04-2008 06:42 AM
This is a known issue on ver 4.1.1 and we need to apply patch ACS 4.1.1.23.5 to fix the issue.
Patch for appliance is available on
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des
Patch name : ACS SE 4.1.1.23.5 accumulative patch
Patch for acs windows is available on
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des
Patch Name : ACS 4.1.1.23.5 accumulative patch
That should fix the issue,
Regards,
~JG
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide