Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Enable password from ACS

Hi

One of my customer has configured the below commands in switches. I created a user for accessing LMS to archive configuration.The user account successfully logged in to the switch but enable password is not taking from ACS it is taking from local enable password. After I addedd this command "

aaa authorization exec default group tacacs+ " the switch was not asking fro enable password.

The customer have ACS 4.2 in that I configured ACS the Shell command enabled and privilage 15.

Please advise how to configur a user account in ACS only for LMS ?

aaa new-model

aaa authentication attempts login 5

aaa authentication login console none

aaa authentication login ssh group tacacs+ local

aaa accounting session-duration ntp-adjusted

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa session-id common

ip tacacs source-interface Vlanx

tacacs-server host 10.10.10.10 key 7 06098745612293E302426

tacacs-server timeout 60

tacacs-server directed-request

Thanks and Regards,

Abdul Hameed

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Enable password from ACS

kindly check the link

   http://www.dslreports.com/faq/9815

4 REPLIES
Silver

Re: Enable password from ACS

wel authentication method is fine in the configuration you have set the option if ACS authentication fails then local account will be used for authentication try to share the log message that you receive that will help to touble shoot as chances are the ACS is not authenticating the user.

New Member

Re: Enable password from ACS

Salaam Kashif

I couldnt find any failed attempt or passed attempt against the user account in ACS. Where can I get the log?

After I put this command " aaa authentication enable default group tacacs+ enable"

Local user account and ACS users account not able to access the switch the error was " error authentication" but when I run a test command the authentication was successfull.


Silver

Re: Enable password from ACS

kindly check the link

   http://www.dslreports.com/faq/9815

New Member

Re: Enable password from ACS

Salaam Kashif

It is working I found the commands in that page which you were given.

Thanks lot

711
Views
0
Helpful
4
Replies
CreatePlease to create content