
Enable mode authorization failed.

rice.randy
Level 1

Have a user that cannot get to en prompt. Here is my trace output:

AAA/AUTHEN: update_user user='lduncan' ruser='(null)' port='telnet146' rem_addr='10.128.20.110' authen_type=1 service=ENABLE priv=15
2007 Oct 16 10:57:07.360 EST -04:00 AAA/AUTHEN/START (0): port='telnet146' list='(null)' action=LOGIN service=ENABLE
TAC+: send AUTHEN/START packet ver=192 id=626074205
TAC+: Opening TCP/IP connection to 10.129.12.196
TAC+: ver=192 id=626074205 received AUTHEN status = GETPASS
2007 Oct 16 10:57:08.440 EST -04:00 AAA/AUTHEN (626074205): status = GETPASS
Password:
2007 Oct 16 10:57:11.200 EST -04:00 *62*
2007 Oct 16 10:57:11.440 EST -04:00 *69*
2007 Oct 16 10:57:11.800 EST -04:00 *67*
2007 Oct 16 10:57:12.050 EST -04:00 *74*
2007 Oct 16 10:57:12.300 EST -04:00 *6f*
2007 Oct 16 10:57:12.530 EST -04:00 *65*
2007 Oct 16 10:57:12.950 EST -04:00 AAA/AUTHEN/CONT (626074205): continue_login
2007 Oct 16 10:57:12.950 EST -04:00 AAA/AUTHEN (626074205): status = GETPASS
TAC+: send AUTHEN/CONT packet id=626074205
TAC+: ver=192 id=626074205 received AUTHEN status = PASS
2007 Oct 16 10:57:13.460 EST -04:00 AAA/AUTHEN (626074205): status = PASS
2007 Oct 16 10:57:13.460 EST -04:00 return PASS
2007 Oct 16 10:57:13.460 EST -04:00 AAA/AUTHOR : ptr2=enable
2007 Oct 16 10:57:13.470 EST -04:00 AAA/AUTHOR : Add AV service=shell
2007 Oct 16 10:57:13.470 EST -04:00 AAA/AUTHOR : Add AV cmd=enable
2007 Oct 16 10:57:13.470 EST -04:00 AAA/AUTHOR/TACACS+ cmd author (413075467): Port='telnet146' list='(null)' service=CMD
2007 Oct 16 10:57:13.480 EST -04:00 AAA/AUTHOR/TACACS+ cmd author: (413075467) user='lduncan'
2007 Oct 16 10:57:13.480 EST -04:00 AAA/AUTHOR/TACACS+ cmd author: (413075467) send AV service=shell
2007 Oct 16 10:57:13.480 EST -04:00 AAA/AUTHOR/TACACS+ cmd author: (413075467) send AV cmd=enable
AAA/AUTHOR/TACACS+ cmd author: (413075467) Method=TAC_PLUS
2007 Oct 16 10:57:13.490 EST -04:00 AAA/AUTHOR/TAC+: (413075467): user=lduncan
2007 Oct 16 10:57:13.490 EST -04:00 AAA/AUTHOR/TAC+: (413075467): send AV service=shell
2007 Oct 16 10:57:13.490 EST -04:00 AAA/AUTHOR/TAC+: (413075467): send AV cmd=enable
TAC+: Opening TCP/IP connection to 10.129.12.196
TAC+: (413075467): received author response status = FAIL
2007 Oct 16 10:57:14.500 EST -04:00 AAA/AUTHOR (413075467): Post authorization status = FAIL
2007 Oct 16 10:57:14.500 EST -04:00 AAA/AUTHOR : do_author result=1
2007 Oct 16 10:57:14.500 EST -04:00 %AAA: author: tacacs_plus_author ret=1.

Enable mode authorization faile

I have checked his user info and group info in tacacs.


Jagdeep Gambhir
Level 10

It seems that you have command author configured, which is why the user is not able to issue it.

What kind of user is it? Admin or normal user?

To make him log in, you need to make changes in the command author set.

Make one command author set in ACS ---> Shared Profile Components.

Add --> give any name, "Full access" ---> put the radio button to Permit and submit.

Now go to that group --> under Shell Command Authorization Set ---> choose ---> Assign a Shell Command Authorization Set for any network device and select FULL ACCESS from the list and submit apply.

Now it should let you in.

Caution: This will let that user issue all commands.

Also provide me more info if you want the user to be denied some commands. We need to set up the command author set accordingly.

Regards,

~JG

Please rate helpful posts
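The reading of the trace given in the reply above (password accepted, then the `cmd=enable` authorization request refused), as an added example that is not part of the original thread. The regular expressions are written against the line shapes in this one trace and are an assumption for any other platform's debug output; `diagnose` and `explain` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Excerpt of the trace posted in the question: wrapped lines rejoined,
# timestamps dropped.
TRACE = """\
AAA/AUTHEN (626074205): status = GETPASS
AAA/AUTHEN (626074205): status = PASS
AAA/AUTHOR/TAC+: (413075467): user=lduncan
AAA/AUTHOR/TAC+: (413075467): send AV service=shell
AAA/AUTHOR/TAC+: (413075467): send AV cmd=enable
TAC+: Opening TCP/IP connection to 10.129.12.196
TAC+: (413075467): received author response status = FAIL
"""

# Assumption: patterns match the line shapes seen in this trace only.
AUTHEN = re.compile(r"AAA/AUTHEN \(\d+\): status = (\w+)")
FIELD = re.compile(r"AAA/AUTHOR/TAC\+: \((\d+)\): (?:send AV )?(\w+)=(\S+)")
REPLY = re.compile(r"TAC\+: \((\d+)\): received author response status = (\w+)")

def diagnose(trace):
    """Return one finding per TACACS+ authorization reply in the trace."""
    authen = None                # most recent authentication status
    fields = defaultdict(dict)   # authorization request id -> user and AV pairs
    findings = []
    for line in trace.splitlines():
        if m := AUTHEN.search(line):
            authen = m.group(1)  # GETPASS is later overwritten by PASS or FAIL
        elif m := FIELD.search(line):
            fields[m.group(1)][m.group(2)] = m.group(3)
        elif m := REPLY.search(line):
            findings.append({"authen": authen, "author": m.group(2),
                             **fields[m.group(1)]})
    return findings

def explain(f):
    """Turn a finding into the conclusion an operator needs."""
    who = f.get("user", "?")
    what = f"service={f.get('service')} cmd={f.get('cmd')}"
    if f["authen"] == "PASS" and f["author"] == "FAIL":
        return f"{who}: password accepted, but the server denied {what} (command authorization)"
    if f["author"] == "FAIL":
        return f"{who}: {what} denied; no successful authentication seen before it"
    return f"{who}: {what} authorized"

if __name__ == "__main__":
    for finding in diagnose(TRACE):
        print(explain(finding))
```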

rice.randy
Level 1

Thanks, that fixed it...............

Please mark it resolved so others can benefit from it.

Regards,

~JG