
Command authorization failed

serotonin888
Level 1

Hi All,

I share the admin of a firewall with another company. At the moment I'm unable to run any commands, as I get the following error after logging in and then entering the enable password.

"Command authorization failed"

I'm not sure if they have made any changes, but the last change I made was to reconfigure the remote access VPN to use AAA authentication against an MS IAS (RADIUS server).

Here are the AAA commands before and after my change.

BEFORE

------

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication enable console LOCAL

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL

I then added the following lines.

aaa-server vpnauth protocol radius

aaa-server vpnauth max-failed-attempts 3

aaa-server vpnauth deadtime 10

aaa-server vpnauth (inside) host X.X.X.X PASSWORD timeout 5

And reconfigured the crypto map to use vpnauth. Remote access works fine, but I'm totally restricted when I try to log in via telnet or SSH.

Does anyone know why I'm locked out?

Appreciate any help as I'm stumped.

3 Replies

Farrukh Haroon
VIP Alumni

What is the privilege level of the user you are accessing? Once you enter the enable password do you go to enable mode?

I don't see how the config you added can cause this. It must be something 'else'.

Regards

Farrukh

Hi,

As management of this firewall is shared, I can't be 100% sure that the other party didn't change anything. According to them, they haven't made any changes.

The user I'm using last had priv 15. It lets me go to enable mode OK using the password. But once in enable mode I only have a limited command set, and everything I try to run returns "Command authorization failed".

I'm wondering if this is a lost cause and I'll need to do a config reset... Problem is the device is located offsite.

Appreciate any help or advice.

Unless this is a bug, 'someone' must have changed the firewall configuration.

Regards

Farrukh