Cisco Support Community
New Member

As I see the "Command denied" in Failed Attempts report

Hello.

In Failed Attempts report, under "Author-Failure-Code" I get "Command denied". Is there any way to record the commands that the user wanted to enter?

Thanks!

5 REPLIES
Cisco Employee

Re: As I see the "Command denied" in Failed Attempts report

Hi Kevin,

What command are you trying to execute?

Do you have accounting enabled on the devices? If yes, then look under the tacacs administration logs and copy the command that is not working.

Looks like the command you are trying to execute is not allowed under the command set.

Configuration example:

======================

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

HTH

JK

Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: As I see the "Command denied" in Failed Attempts report

Thanks for your reply. I have Shell Command Authorization Sets configured to only allow the commands: show, ping, traceroute.

When a user executes a command that is not permitted, a "Command denied" entry is generated in the Failed Attempts report. How can I know which command the user tried to run?

Re: As I see the "Command denied" in Failed Attempts report

Kevin,

You should see something like this in the failed attempts:

Command denied service=shell cmd=interface FastEthernet 0 21

By this we can see that the argument that is being sent by the switch command parser is actually 'FastEthernet 0 21'.

So the user tried to execute the command "interface FastEthernet 0\21".

Regards,

~JG

Do rate helpful post.

New Member

Re: As I see the "Command denied" in Failed Attempts report

Thanks for responding.

The Failed Attempts report does not show me the command denied. Configuration attached.

I am using CiscoSecure ACS Release 4.2(0) Build 124 Patch 13

***Tacacs+ Configuration

aaa new-model

aaa authentication attempts login 1

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization console

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

tacacs-server directed-request

tacacs-server key Presharedciscoxx

tacacs-server host 192.168.1.10

ip tacacs source-interface Loopback0

aaa authorization commands 15 default group tacacs+ if-authenticated

New Member

Re: As I see the "Command denied" in Failed Attempts report

Greetings.

I had an error in the configuration of the report; I had not enabled the option Author-Date. Thanks for your help!
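Added example, not part of the thread and not Cisco tooling: a short script that pulls the denied command out of records shaped like the one quoted above ("Command denied service=shell cmd=...") in an exported Failed Attempts report, and flags rows where the command text was not logged. The CSV layout, the `Author-Data` column name, and the dates, users and addresses are constructed assumptions; only `Author-Failure-Code` and the `service=shell cmd=` text come from the posts.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample export. Only "Author-Failure-Code" and the
# "service=shell cmd=..." text come from the thread; the other column
# names, dates, users and addresses are assumptions for this example.
SAMPLE_CSV = """\
Date,Time,User-Name,Author-Failure-Code,Author-Data,NAS-IP-Address
01/02/2012,10:15:01,kevin,Command denied,service=shell cmd=interface FastEthernet 0 21,192.0.2.1
01/02/2012,10:15:40,kevin,Command denied,service=shell cmd=configure terminal,192.0.2.1
01/02/2012,10:16:02,opuser,Service denied,service=shell,192.0.2.7
01/02/2012,10:17:30,opuser,Command denied,,192.0.2.7
"""

DATA_COLUMN = "Author-Data"   # assumed name of the column holding cmd=...
NOT_LOGGED = "<not-logged>"   # marker for rows without command text
CMD_RE = re.compile(r"\bservice=shell\b.*?\bcmd=(?P<cmd>.+)$")


def denied_commands(csv_text):
    """Return (user, device, command) for every 'Command denied' row."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        if (rec.get("Author-Failure-Code") or "").strip() != "Command denied":
            continue
        match = CMD_RE.search((rec.get(DATA_COLUMN) or "").strip())
        # An empty data column means the report is not recording the
        # command text; flag the row instead of silently dropping it.
        command = " ".join(match.group("cmd").split()) if match else NOT_LOGGED
        rows.append((rec.get("User-Name") or "",
                     rec.get("NAS-IP-Address") or "", command))
    return rows


def summarize(rows):
    """Count denied attempts per (user, first keyword of the command)."""
    return Counter((user, cmd.split()[0]) for user, _, cmd in rows)


if __name__ == "__main__":
    for user, device, command in denied_commands(SAMPLE_CSV):
        print(f"{user}@{device}: {command}")
    print(summarize(denied_commands(SAMPLE_CSV)))
```

Rows that come back as `<not-logged>` indicate the report is not capturing the command text, which is the situation the original poster describes before changing the report options.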
