enable password option in 'Internal Identity Store|users' on ACS 5.1

xine xine · ‎12-15-2009

Hi !

I would like to know what is the purpose of enable password option in the user indentity form on ACS server version 5.1. The only possibility was to have a personnalized enable password per user, I had defined a specific password for one user and when I try to use that password to go in enable privillege 15 the attempt failed each time. I try to removed locally defined enable password on the AAA client and all new attempt failed also !

jrabinow · ‎12-15-2009

Yes, The purpose of the " TACACS Enable Password " field in theUsers > Authentication Settings page is to allow a separate enable password to be defined in the internal user record.

You need to check the cause of failure of the enable request. Best place to look is at "

Monitoring & Reports > Reports > Catalog > AAA Protocol > TACACS_Authentication". This should give a failure reason for the request

xine xine · ‎12-16-2009

Thanks a lot !

I know why my attemp failed when I used user defined enable password, the only enable password is useable is which one is configure on the device itself. What I don't is why the user defined password did not replaced the enable password define on the AAA client configuration ?

I had try a new access this morning on my AAA client with "serge" username. On the ACS "serge" username have different password then which one is defined (bozo) on the AAA client running-config (cisco). When I try to use bozo as an enable password the authentication failed when I was logged with serge's credentials if I used cisco as an enable password this is working ! In the report I seen no authentication failed for my attempt with bozo as an enable password. I had only one entry which was successfull when I was successfully logged on the device ! nothing about when I failed to enter in privillege level 15 with bozo password or when I was successfully enter in privillege level 15 with cisco as enable password !