
AAA confusion - local username access

geotech333
Level 1

Hey all,

I am a little confused.

I have the following commands on my device:

username blah privilege 15 secret 5 blah!@#$%%

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization config-commands

aaa authorization commands 0 default group tacacs+

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default stop-only group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

Everything works fine.

However, when I bring down the TACACS server, I am able to log in to the device with the local username, but it fails when I enter the enable command. How can I have access in case of an emergency where TACACS fails? I have researched online and have tried multiple commands. Is there anything I am missing? I do have an enable secret password configured as well, but I don't even get a chance to enter it. When entering "en" at the > prompt:

% Authentication failed.

Thanks in advance for your help.

My testing has led to frustration.

:)

1 Accepted Solution


Jagdeep Gambhir
Level 10

Hi Geo,

First, please give the fallback method for command 0.

aaa authorization commands 0 default group tacacs+

add local

aaa authorization commands 0 default group tacacs+ local

Make sure you are putting in the right enable password; try to reset it and give it a shot.

If the issue is there, then get the output of debug tacacs and debug aaa authentication.

Regards,

~JG

Do rate helpful posts


4 Replies

Thanks JG.

I completely overlooked that.

Thanks for pointing out.

I will give it a try and post results!

Also, please make sure that in ACS, the enable privilege for that user is set to 15.

Let me know how that goes.

Regards,

~JG

Do rate helpful posts

That did the trick!

:)

Thanks for your help.

All is working as it should be.
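
An added example, not part of the thread or any poster's code: a small Python check that scans an IOS configuration for AAA authentication or authorization method lists whose only methods are server groups, which is the gap pointed out above for commands 0. The function names are this example's own, and the sample config is constructed from the AAA lines in the question.

```python
import re

# Constructed sample: the AAA lines from the question (accounting omitted).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+
aaa authorization commands 15 default group tacacs+ local
"""

# aaa {authentication|authorization} <service> <list-name> <method> [<method> ...]
AAA_LINE = re.compile(
    r"^aaa\s+(authentication|authorization)\s+"
    r"(commands\s+\d+|\S+)\s+(\S+)\s+(.+)$"
)

def parse_methods(text):
    """Split a method string into methods, keeping 'group <name>' together."""
    tokens = text.split()
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def find_server_only_lists(config):
    """Return (kind, service, list_name, methods) for each method list in
    which every method depends on a remote server group (no fallback)."""
    findings = []
    for raw in config.splitlines():
        m = AAA_LINE.match(raw.strip())
        if not m:
            continue  # e.g. 'aaa new-model', 'aaa authorization config-commands'
        kind, service, name, rest = m.groups()
        methods = parse_methods(rest)
        if all(x.startswith("group ") for x in methods):
            findings.append((kind, service, name, methods))
    return findings

if __name__ == "__main__":
    for kind, service, name, methods in find_server_only_lists(SAMPLE_CONFIG):
        print(f"no fallback: aaa {kind} {service} {name} -> {methods}")
```

On the sample it reports only the commands 0 list; with local appended to that line, as in the accepted solution, it reports nothing.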