Question regarding intermal users ACS 5.1

Unanswered Question
Jul 23rd, 2010

Hi,

I am running ACS 5.1 and having some internal users created under Users and Identity Stores.

I can specify the user and password (which works fine), but I can also specify an enable password.

This enable password does not work as to enter privilege mode on the router.

For example, I can log in via telnet using the ACS local user, but always have to use the enable password locally defined on the router (not the enable password for that user defined on the ACS).

What's the purpose of this enable password option on the ACS?

Federico.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
michagar Sun, 07/25/2010 - 12:12

Federico,


Can you please post the output of your AAA configuration..

Typically for what you are trying to achieve requires at miniumum the following.

aaa authentication login default group tacacs

aaa authentication enable default group tacacs

or radius in place of tacacs.

Ganesh Hariharan Mon, 07/26/2010 - 00:34

Hi,

I am running ACS 5.1 and having some internal users created under Users and Identity Stores.

I can specify the user and password (which works fine), but I can also specify an enable password.

This enable password does not work as to enter privilege mode on the router.

For example, I can log in via telnet using the ACS local user, but always have to use the enable password locally defined on the router (not the enable password for that user defined on the ACS).

What's the purpose of this enable password option on the ACS?

Federico.

Hi Federico,

In our data center we are using enable mode password as the same password for login at the first time,so we have configured the following command to accept the same and also configured few setting under user to take the same password PAP for enable password also the same.So login and enable password for users is the same which is configured in internal user database of ACS.


aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Actions

This Discussion