using AAA for enable mode

Unanswered Question
Apr 18th, 2008

I used to use TACACS and ACS to enable active directory accounts to be used for enable mode. After using their AD account to ssh or telnet you would then type enable and then use your AD password. Now I don't have TACACS and need to use Radius, IAS, on a windows server. I have telnet and ssh setup to use the AD accounts, but how/can I set up the enable mode to use AD accounts?

thank you,

Bill

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Jagdeep Gambhir Sat, 04/19/2008 - 10:56

Bill,

Enable authentication was meant to function with TACACS, and when used with RADIUS it does not perform the same. As a result, the only way for you to get enable authentication to work with RADIUS would be to input the username $enab15$ into your RADIUS server and every user would need to use that password to login to enable mode.

Regards,

~JG

Do rate helpful post

WILLIAM STEGMAN Sun, 04/20/2008 - 15:54

bummer, thanks for the info though. I did kind of find another work around, but it brought up another problem specific to our monitoring system. It was using the privilege level 15 under the lint vty command. That may help someone else so I thought I'd post it.

Actions

This Discussion