using AAA for enable mode

Unanswered Question
Apr 18th, 2008
User Badges:

I used to use TACACS and ACS to enable active directory accounts to be used for enable mode. After using their AD account to ssh or telnet you would then type enable and then use your AD password. Now I don't have TACACS and need to use Radius, IAS, on a windows server. I have telnet and ssh setup to use the AD accounts, but how/can I set up the enable mode to use AD accounts?


thank you,


Bill

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Jagdeep Gambhir Sat, 04/19/2008 - 10:56
User Badges:
  • Red, 2250 points or more

Bill,

Enable authentication was meant to function with TACACS, and when used with RADIUS it does not perform the same. As a result, the only way for you to get enable authentication to work with RADIUS would be to input the username $enab15$ into your RADIUS server and every user would need to use that password to login to enable mode.



Regards,

~JG


Do rate helpful post

WILLIAM STEGMAN Sun, 04/20/2008 - 15:54
User Badges:

bummer, thanks for the info though. I did kind of find another work around, but it brought up another problem specific to our monitoring system. It was using the privilege level 15 under the lint vty command. That may help someone else so I thought I'd post it.

Actions

This Discussion