PIX enable authentication with Freeware TACACS+

Unanswered Question
Jan 30th, 2004
User Badges:

I am running PIX 6.3 with Freeware TACACS+.The TACACS+ server is working fine with all routers in my network but i have problems when trying to authenticate users with the PIX, especially with enable authentication. The configuration of the TACACS+ server for the user is:

user {

login = cleartext " "


and the message in the tacacs log file is

tac_plus: enable query rejected

Any help would be greatly appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
awaheed Sat, 01/31/2004 - 13:41
User Badges:
  • Cisco Employee,

Hi Iganeva,

Just wanted to let you know that for the earlier code's which worked with the PIX, we have seen it to work with the following config in the freeware TACACS+:

user = pixtest {

login = cleartext cisco123

service = enable {



Now that said, the way the PIX used to allow Login, was changed in the later codes, and that might have broken the implementation for the Feeware TACSCS+

Details: www.cisco.com/support/bugtools/


Externally found enhancement defect: Verified (V)

PIX enable authentication only requires login password.

Also, as its a Freeware you might have to can run debug on the freeware server to see if they can reverse-engineer the free code to make it work.

hope this helps,





This Discussion