Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
507
Views
10
Helpful
2
Replies

Question regarding intermal users ACS 5.1

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎07-23-2010 03:27 PM - edited ‎03-10-2019 05:16 PM

Hi,

I am running ACS 5.1 and having some internal users created under Users and Identity Stores.

I can specify the user and password (which works fine), but I can also specify an enable password.

This enable password does not work as to enter privilege mode on the router.

For example, I can log in via telnet using the ACS local user, but always have to use the enable password locally defined on the router (not the enable password for that user defined on the ACS).

What's the purpose of this enable password option on the ACS?

Federico.

Labels:
0 Helpful
2 Replies 2

michagar
Cisco Employee
Cisco Employee

‎07-25-2010 12:12 PM

Federico,


Can you please post the output of your AAA configuration..

Typically for what you are trying to achieve requires at miniumum the following.

aaa authentication login default group tacacs

aaa authentication enable default group tacacs

or radius in place of tacacs.

0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎07-26-2010 12:34 AM 

Hi,
I am running ACS 5.1 and having some internal users created under Users and Identity Stores.
I can specify the user and password (which works fine), but I can also specify an enable password.
This enable password does not work as to enter privilege mode on the router.
For
 example, I can log in via telnet using the ACS local user, but always 
have to use the enable password locally defined on the router (not the 
enable password for that user defined on the ACS).
What's the purpose of this enable password option on the ACS?
Federico.

Hi Federico,

In our data center we are using enable mode password as the same password for login at the first time,so we have configured the following command to accept the same and also configured few setting under user to take the same password PAP for enable password also the same.So login and enable password for users is the same which is configured in internal user database of ACS.


aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents