Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ACS 5.5 - Issue where cannot login directly into Priv Exec

Hi, I have configured the ACS 5.5 following a number of documents, the last one being a support forum doc, "How to Configure tacacs Authentication and Authorization for Admin and non-Admin users in ACS 5.1", yet each time when I login to the Cisco device, it logs me directly into user exec mode and not priv exec.

I am sure I had it working earlier but it is no longer working. Any ideas anyone?

The Designer Shell profile has the following configured with the 2 privilege settings as 15.

Service selection rules:

The Device Authorisation Policy is as follows;

The cisco AAA commands are;

aaa new-model
aaa authentication login default group tacacs+ line enable
aaa authentication enable default group tacacs+ line enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

 

 

3 REPLIES
Silver

Hi Russel,As this the ACS in

Hi Russel,

As this the ACS in the backend, could you share the exported detailed PDF (magnifying glass and print to pdf on top left) of the Tacacs+ Authorization attempt on the ACS when you login.

Regards

Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
Community Member

Anyone find a fix for this?

Worked thanks

for different IOS the

for different IOS the commands are diff, So please have a look on:

How to Assign Privilege Levels with TACACS+ and RADIUS:

http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

239
Views
0
Helpful
3
Replies
CreatePlease to create content