10-30-2008 02:37 PM - edited 03-10-2019 04:09 PM
Hi there,
We're using a Cisco ACS server to do enable authentication on the Console port of an ASA; see below for the configuration...
The weird thing is that we are able to authenticate a user through the Console port, but enable authentication on the Console port fails.
But we can get through enable authentication if using the local password set by the <enable password> command instead of the one configured on the ACS server.
Also, if we telnet or ssh to the ASA, enable authentication works perfectly...
Any idea...?
--
aaa-server TACACS+ protocol tacacs+
 reactivation-mode depletion deadtime 1
aaa-server TACACS+ (inside) host 10.10.1.1
 timeout 5
 key cisco
aaa authentication serial console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
aaa accounting ssh console TACACS+
aaa accounting command privilege 15 TACACS+
---
Thanks,
10-31-2008 07:18 AM
Type "login" at the ASA prompt from the console:
cisocasa> login
10-31-2008 07:45 AM
Make sure that the group to which the user is assigned has "Max Privilege for any AAA Client" under Enable Options set to 15.
If the issue is still there, please get the debug tacacs and debug aaa authentication output.
Regards,
~JG