03-05-2009 11:15 AM - edited 03-10-2019 04:22 PM
Hi all!
I'm having problem with configuration AAA authorization.
I'm not authenticate from outside, output message "user none". But inside I can authenticate normally.
Following configuration not working:
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication login CONSOLE line
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa authorization network default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
Following configuration is ok:
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication login CONSOLE line
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
IOS (tm) C2600 Software (C2600-JS-M), Version 12.1(18), RELEASE SOFTWARE (fc1)
Appreciate any help.
Thanks!
03-06-2009 09:44 AM
I am sorry, what is your actual problem? when you try to telnet from the outside world, you are getting a failure and not happening when coming from inside?
03-06-2009 10:53 AM
Hi imartino!
Yes, this is the problem.
Thanks
03-06-2009 11:00 AM
Please go ahead and turn on this debugs and post them here:
debug aaa authentication
debug aaa authorization
debug aaa subsy
debug aaa tacacs
03-06-2009 02:45 PM
line vty 0 4
login authentication default
login authorization default
03-06-2009 03:35 PM
03-06-2009 03:45 PM
With your lines aaa authentication.... default, that should be covered. You might want to get those debugs some time...
03-07-2009 03:28 AM
On ACS server try enable or grant privilege level 15 for the user or group that need to get login to the network device.
HTH
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: