ACS 4.1 authorization fails for priv lvl 15

Oct 11th, 2009
I am having a hard time figuring out why authorization fails for users when logging into a switch/router using tacacs to ACS 4.1.123. Authentication does work and I have shell exec and priv=15 service enabled. Am I missing something else?

Jagdeep Gambhir Sun, 10/11/2009 - 18:49
Make sure you have exec authorization command in the router/switch,

aaa authorization exec default group tacacs+ if-authenticated

Also disable single connect on router and on ACS-->network configuration-->AAA-client-->Router. Uncheck single connect.

If the issue is still there, then please get the debugs:

debug tacacs

debug aaa authentication

debug aaa authorization



Do rate helpful posts

Jatin Katyal Mon, 10/12/2009 - 04:24
Are you getting "authorization failed" or "command authorization failed"?

Along with the debugs, also get the output of this command:

Sh run | in aaa



Please rate helpful posts.
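
An added example, not part of any post in this thread: a small Python check over `show run | in aaa` output that flags the missing exec authorization list the first reply asks about. The sample configurations are constructed, the function name is hypothetical, and the check assumes the built-in `tacacs+` server group rather than a named group.

```python
# Constructed samples of `show run | in aaa` output (not taken from the thread).
SAMPLE_MISSING_EXEC = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa session-id common
"""

SAMPLE_OK = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa session-id common
"""

# Methods IOS can fall back to when no TACACS+ server answers.
FALLBACKS = {"if-authenticated", "local", "none"}


def audit_exec_authorization(show_run_aaa):
    """Return a list of findings about exec authorization in filtered AAA config."""
    lines = [l.strip() for l in show_run_aaa.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")

    # Each entry is [list-name, method, method, ...].
    exec_lists = [l.split()[3:] for l in lines
                  if l.startswith("aaa authorization exec ")]
    if not exec_lists:
        findings.append("no 'aaa authorization exec' list: the device never "
                        "asks ACS for the shell priv-lvl")
    for name, *methods in exec_lists:
        # Assumption: the built-in tacacs+ group is used, not a named group.
        if "tacacs+" not in methods:
            findings.append(f"exec list '{name}' does not query group tacacs+")
        if not FALLBACKS & set(methods):
            findings.append(f"exec list '{name}' has no fallback method")
    return findings


if __name__ == "__main__":
    for label, cfg in (("missing", SAMPLE_MISSING_EXEC), ("ok", SAMPLE_OK)):
        print(label, audit_exec_authorization(cfg) or "no findings")
```
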
