ACS 4.1 authorization fails for priv lvl 15

Unanswered Question
Oct 11th, 2009

I am having a hard time figuring out why authorization fails for users when logging into a switch/router using tacacs to ACS 4.1.123. Authentication does work and I have shell exec and priv=15 service enabled. Am I missing something else?

Jagdeep Gambhir Sun, 10/11/2009 - 18:49

Make sure you have the exec authorization command on the router/switch:


aaa authorization exec default group tacacs+ if-authenticated


Also disable single connect on router and on ACS-->network configuration-->AAA-client-->Router. Uncheck single connect.


If the issue is still there, then please get debugs:


debug tacacs

debug aaa authentication

debug aaa authorization


Regards,

~JG


Do rate helpful posts

Jatin Katyal Mon, 10/12/2009 - 04:24

Hi,


Are you getting "authorization failed" or "command authorization failed"?


Along with the debugs, also get the output of this command:


Sh run | in aaa


HTH


JK


Please rate helpful posts.
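
An added example, not part of the thread: a small Python check over `sh run | in aaa` output that flags the gaps the replies above ask about, namely a missing `aaa authorization exec` list or one without `if-authenticated`. The sample outputs and the `audit_aaa` helper are constructed for illustration.

```python
import re

# Constructed samples of `sh run | in aaa` output (not taken from the thread).
SAMPLE_LOGIN_ONLY = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa session-id common
"""
SAMPLE_WITH_EXEC = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa session-id common
"""

def audit_aaa(output):
    """Return a list of findings for the AAA lines of a running config."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    # Login must go to a server group, otherwise TACACS+ is never consulted.
    if not any(re.match(r"aaa authentication login \S+ .*\bgroup \S+", ln) for ln in lines):
        findings.append("no login method list uses a server group")
    # Exec authorization is what asks the server for shell attributes.
    exec_lists = [re.match(r"aaa authorization exec (\S+) (.+)", ln) for ln in lines]
    exec_lists = [m for m in exec_lists if m]
    if not exec_lists:
        findings.append("no 'aaa authorization exec' list: shell attributes "
                        "such as priv-lvl are not requested from the server")
    for m in exec_lists:
        name, methods = m.group(1), m.group(2).split()
        if "group" not in methods:
            findings.append(f"exec list '{name}' never queries a server group")
        if "if-authenticated" not in methods:
            findings.append(f"exec list '{name}' has no if-authenticated fallback")
        if name != "default":
            # Named lists take effect only where they are referenced.
            findings.append(f"exec list '{name}' must be applied under the line "
                            f"with 'authorization exec {name}'")
    return findings

if __name__ == "__main__":
    for label, sample in (("login only", SAMPLE_LOGIN_ONLY), ("with exec", SAMPLE_WITH_EXEC)):
        print(label, "->", audit_aaa(sample) or "no findings")
```
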
