Cisco Support Community

New Member

ACS 4.1 authorization fails for priv lvl 15

I am having a hard time figuring out why authorization fails for users when logging into a switch/router using tacacs to ACS 4.1.123. Authentication does work and I have shell exec and priv=15 service enabled. Am I missing something else?

2 REPLIES

Re: ACS 4.1 authorization fails for priv lvl 15

Make sure you have the exec authorization command on the router/switch:

aaa authorization exec default group tacacs+ if-authenticated

Also disable single connect on the router and on ACS-->network configuration-->AAA-client-->Router. Uncheck single connect.

If the issue is still there, then please get the debugs:

debug tacacs

debug aaa authentication

debug aaa authorization

Regards,

~JG

Do rate helpful posts

Cisco Employee

Re: ACS 4.1 authorization fails for priv lvl 15

Hi,

Are you getting "authorization failed" or "command authorization failed"?

Along with the debugs, also get the output of this command:

Sh run | in aaa

HTH

JK

Please rate helpful posts.

~BR Jatin Katyal **Do rate helpful posts**
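
An added example, not part of the thread and not Cisco tooling: a Python check that reads the output of the sh run | in aaa command requested above and flags the exec authorization problems the replies point at. The sample outputs, the list name VTY-AUTHZ and the function name audit_aaa are constructed for illustration.

```python
# Constructed `sh run | in aaa` outputs (sample data, not from the thread).
MISSING_EXEC = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa session-id common
"""
NAMED_LIST = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec VTY-AUTHZ group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ local
"""

def audit_aaa(output):
    """Return findings (strings) for the aaa lines of a running config."""
    lines = [l.strip() for l in output.splitlines() if l.strip().startswith("aaa ")]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: method lists are not in effect")
    # Each exec list is: aaa authorization exec <list-name> <method> [<method> ...]
    exec_lists = [l.split() for l in lines if l.startswith("aaa authorization exec ")]
    if not exec_lists:
        findings.append("no 'aaa authorization exec' list: the shell priv-lvl "
                        "set on the server is never requested")
    for words in exec_lists:
        name, methods = words[3], words[4:]
        if "group" not in methods:
            findings.append(f"exec list {name}: no server group in {methods}")
        if name != "default":
            findings.append(f"exec list {name} is a named list: it applies only "
                            f"to lines configured with 'authorization exec {name}'")
    # Separates the two failure messages asked about in the second reply.
    if any(l.startswith("aaa authorization commands ") for l in lines):
        findings.append("command authorization is on: a failure may be "
                        "'command authorization failed', not exec authorization")
    return findings

if __name__ == "__main__":
    for label, sample in (("missing exec", MISSING_EXEC), ("named list", NAMED_LIST)):
        print(label)
        for finding in audit_aaa(sample):
            print("  -", finding)
```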