04-23-2012 07:40 AM - edited 03-10-2019 07:01 PM
hi,
I'm trying to configure HTTP server to authenticate users with AAA platform. I get the following error while trying to connect with Cisco Configuration Pro:
TNRTAGCS01002#
Apr 23 15:29:42.129 CET: HTTP AAA Login-Authentication List name: default
Apr 23 15:29:42.165 CET: HTTP: Authentication failed for realm level_15 or view_access
Apr 23 15:29:42.165 CET: HTTP: Authentication failed for level 15
Apr 23 15:29:44.193 CET: HTTP AAA Login-Authentication List name: default
Apr 23 15:29:44.225 CET: HTTP: Authentication failed for realm level_15 or view_access
Apr 23 15:29:44.225 CET: HTTP: Authentication failed for level 15
Here's the AAA config:
aaa new-model
!
!
aaa group server tacacs+ TACACS_group
server {A}
server {B}
!
tacacs-server host A key A1
tacacs-server host B key B1
!
ip tacacs source-interface GigabitEthernet0/0.1900
!
aaa authentication login default group TACACS_group local
aaa authentication enable default none
aaa authorization config-commands
aaa authorization commands 1 default group TACACS_group if-authenticated
aaa authorization commands 15 default group TACACS_group if-authenticated
aaa accounting exec default
action-type start-stop
group TACACS_group
!
04-23-2012 07:20 PM
First, did you get it working using just local authentication ?
If so, I think you're missing the "ip http authentication aaa" command
Here's a good link about it http://blog.ioshints.info/2007/04/authenticating-http-requests-with-aaa.html
Please rate if it helps. Kind regards
04-24-2012 12:29 AM
Hi,
Yes, local authentication does work.
I added below the HTTP configuration:
ip http server
ip http authentication aaa login-authentication default
no ip http secure-server
I thought that HTTP would use the default method list for authentication. Is that possible or should I define a seperate AAA method list?
By the way, I always rate helpful posts
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: