05-13-2009 10:57 AM - edited 03-11-2019 08:31 AM
I have a customer whom is currently using TACACS to authenticate incoming Admin session requests to the ASA appliance. Currently is uses TACACS and prompts for a username and password when you SSH to the box. Once authenticated, and then to enter priveleged EXEC mode after issuing the >enable command, the user will enter his/her password again to go to PRIV EXEC mode.
We want to change this scenario a bit. We still want the ASA to query the TACACS server to validate the user. But thereafter we want to use the LOCAL enable password on the ASA as the password to be referenced for PRIV EXEC mode.
What command will tell the ASA to reference the enable password, and not use TACACS?
05-13-2009 11:07 AM
05-13-2009 12:00 PM
Can you point me to where this is on the ACS box? And what version of ACS are you running. We were looking for this option on the ACS box and to this point unable to find it.
thx
05-13-2009 12:11 PM
Check under the individual user account.
06-10-2009 09:15 AM
Hello. I'd like to join your conversation, because I have same problem.
I configure 'Use separate password', and now this password used for enable command. By the question was how to configure for using 'enable password' in Asa configuration? Or I need to configure 'Asa enable password' for all user accounts in ACS database as 'separate password' line?
06-10-2009 10:32 AM
Good question. I could not get it to work other than your suggestion of configure 'Asa enable password' for all user accounts in ACS database as 'separate password' line Thaat actually makes sense since the ASA is using AAA authentication and the enable password is local.
06-11-2009 12:47 AM
Thanks. One more question.
Is it possible login to Asa direct to priv. 15?
It worked with routers, but not with Asa.
06-11-2009 05:22 AM
No you can't. It's a security feature.
06-15-2009 05:59 AM
Collin
I appreciate your input on this to this point.
I am still having difficulty locating the screen from your screen shot. Is there a chance that you could provide the exact path.
I did not see it at the path "Administration Control>Administrators>(username) which is where I thought it would be.
Thanks again
06-15-2009 06:08 AM
Try-
>User Setup>[USERNAME]
It's under the properties of the individual user.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide