ACS 4.1 authorization fails for priv lvl 15

jbest1028
Level 1

I am having a hard time figuring out why authorization fails for users when logging into a switch/router using tacacs to ACS 4.1.123. Authentication does work and I have shell exec and priv=15 service enabled. Am I missing something else?

2 Replies

Jagdeep Gambhir
Level 10

Make sure you have the exec authorization command on the router/switch:

aaa authorization exec default group tacacs+ if-authenticated

Also disable single connect on router and on ACS-->network configuration-->AAA-client-->Router. Uncheck single connect.

If the issue is still there, then please get debugs:

debug tacacs

debug aaa authentication

debug aaa authorization

Regards,

~JG

Do rate helpful posts

Hi,

Are you getting "authorization failed" or "command authorization failed"?

Along with the debugs, also get the output of this command:

Sh run | in aaa

HTH

JK

Please rate helpful posts.

~Jatin