ACS 4.1 authorization fails for priv lvl 15

Oct 11th, 2009

I am having a hard time figuring out why authorization fails for users when logging into a switch/router using tacacs to ACS 4.1.123. Authentication does work and I have shell exec and priv=15 service enabled. Am I missing something else?

Jagdeep Gambhir Sun, 10/11/2009 - 18:49

Make sure you have the exec authorization command on the router/switch:

aaa authorization exec default group tacacs+ if-authenticated

Also disable single connect on the router and on ACS-->network configuration-->AAA-client-->Router. Uncheck single connect.

If the issue is still there, then please get debugs:

debug tacacs

debug aaa authentication

debug aaa authorization

Regards,

~JG

Do rate helpful posts

Jatin Katyal Mon, 10/12/2009 - 04:24

Hi,

Are you getting "authorization failed" or "command authorization failed"?

Along with the debugs, also get the output of this command:

Sh run | in aaa

HTH

JK

Please rate helpful posts
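Added example, not part of the thread and not Cisco's code: a small Python check that reads the output of the `show run | in aaa` command requested above and reports whether an exec authorization method list is present. The sample outputs are constructed, and the function name `check_exec_authorization` is hypothetical.

```python
import re

# Constructed sample of `show run | in aaa` output (not from the thread):
# login authentication is configured, exec authorization is not.
SAMPLE_MISSING = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa session-id common
"""

# Constructed sample that also carries the exec authorization line.
SAMPLE_FIXED = SAMPLE_MISSING + (
    "aaa authorization exec default group tacacs+ if-authenticated\n"
)

EXEC_AUTHZ = re.compile(r"^aaa authorization exec (\S+) (.+)$")


def check_exec_authorization(show_run_aaa: str) -> list[str]:
    """Return findings for the aaa lines; an empty list means none found."""
    lines = [ln.strip() for ln in show_run_aaa.splitlines() if ln.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")
    if not any(ln.startswith("aaa authentication login ") for ln in lines):
        findings.append("no aaa authentication login method list")
    exec_lists = [m for ln in lines if (m := EXEC_AUTHZ.match(ln))]
    if not exec_lists:
        # Without this line the device performs no exec authorization,
        # so the priv-lvl set on the server is not applied at login.
        findings.append("no aaa authorization exec method list")
    for m in exec_lists:
        name, methods = m.group(1), m.group(2).split()
        # Assumption: the built-in tacacs+ group is used; adapt this
        # check if the device points at a custom server group name.
        if "tacacs+" not in methods:
            findings.append(f"exec list '{name}' does not use group tacacs+")
        if name != "default":
            # Named lists take effect only where a line references them.
            findings.append(f"exec list '{name}' must also be applied on the lines")
    return findings


if __name__ == "__main__":
    for label, text in (("missing", SAMPLE_MISSING), ("fixed", SAMPLE_FIXED)):
        print(label, check_exec_authorization(text))
```
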
