enable password option in 'Internal Identity Store|users' on ACS 5.1

Unanswered Question
Dec 15th, 2009

Hi!

I would like to know what the purpose of the enable password option is in the user identity form on ACS server version 5.1. The only possibility was to have a personalized enable password per user. I defined a specific password for one user, and when I try to use that password to enter enable privilege 15, the attempt fails each time. I tried removing the locally defined enable password on the AAA client, and all new attempts failed as well!

jrabinow Tue, 12/15/2009 - 12:36

Yes, the purpose of the "TACACS Enable Password" field in the Users > Authentication Settings page is to allow a separate enable password to be defined in the internal user record.

You need to check the cause of failure of the enable request. The best place to look is at "Monitoring & Reports > Reports > Catalog > AAA Protocol > TACACS_Authentication". This should give a failure reason for the request.

xine xine Wed, 12/16/2009 - 03:26

Thanks a lot!

I know why my attempt failed when I used the user-defined enable password: the only enable password that is usable is the one configured on the device itself. What I don't understand is why the user-defined password did not replace the enable password defined in the AAA client configuration?

I tried a new access this morning on my AAA client with the "serge" username. On the ACS, the "serge" username has a different password than the one defined (bozo) on the AAA client running-config (cisco). When I try to use bozo as an enable password, the authentication fails when I am logged in with serge's credentials; if I use cisco as an enable password, it works! In the report I saw no failed authentication for my attempt with bozo as an enable password. I had only one entry, which was successful, from when I successfully logged on to the device! There was nothing about when I failed to enter privilege level 15 with the bozo password, or when I successfully entered privilege level 15 with cisco as the enable password!
