Command authorization failed

Unanswered Question
Jun 30th, 2008
User Badges:

Hi All,


I share the admin of a firewall with another a company. At the moment im unable to run any commands as i get the following error after logging in and then entering the enable password.


"Command authorization failed"


Im not sure if they have made any changes but the last change i made was to reconfigure the remote access VPN to use AAA Authentication against a MS IAS (radius server).


Here are the AAA commands before and after my change.


BEFORE

------


aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication enable console LOCAL

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL


I then added the following lines.


aaa-server vpnauth protocol radius

aaa-server vpnauth max-failed-attempts 3

aaa-server vpnauth deadtime 10

aaa-server vpnauth (inside) host X.X.X.X PASSWORD timeout 5


And reconfigure the crypto map to use vpnauth. Remote access works fine but im totally restricted when i try and login via telnet or ssh.


Does anyone know why im locked out?


Appreciate any help as im stumped.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Tue, 07/01/2008 - 00:34
User Badges:
  • Red, 2250 points or more

What is the privilege level of the user you are accessing? Once you enter the enable password do you go to enable mode?


I don't see how the config you added can cause this. It must be something 'else'.


Regards


Farrukh

serotonin888 Tue, 07/01/2008 - 01:14
User Badges:

Hi,


As management of this firewall is shared i cant be 100% sure that the other party didnt change anything. According to them they havent made any changes.


The user im using last had priv 15. It lets me go to enable mode OK using the password. But once in enable mode i only have a limited command set and everything i try to run returns "Command authorization failed".


Im wondering if this is a lost cause and Ill need to do a config reset... Problem is the device is located offsite.


Appreciate any help or advice.

Farrukh Haroon Tue, 07/01/2008 - 02:02
User Badges:
  • Red, 2250 points or more

Unless this is a bug, 'someone' must have changed the firewall configuration.


Regards


Farrukh

Actions

This Discussion