Cisco Support Community

New Member

enable password option in 'Internal Identity Store|users' on ACS 5.1

Hi!

I would like to know what the purpose of the enable password option is in the user identity form on ACS server version 5.1. The only possibility was to have a personalized enable password per user. I had defined a specific password for one user, and when I tried to use that password to enter enable privilege level 15, the attempt failed each time. I tried removing the locally defined enable password on the AAA client, and all new attempts failed as well!

  • AAA Identity and NAC
2 REPLIES
Cisco Employee

Re: enable password option in 'Internal Identity Store|users' on

Yes, the purpose of the "TACACS Enable Password" field in the Users > Authentication Settings page is to allow a separate enable password to be defined in the internal user record.

You need to check the cause of failure of the enable request. The best place to look is at "Monitoring & Reports > Reports > Catalog > AAA Protocol > TACACS_Authentication". This should give a failure reason for the request.

New Member

Re: enable password option in 'Internal Identity Store|users' on

Thanks a lot!

I know why my attempt failed when I used the user-defined enable password: the only enable password that is usable is the one configured on the device itself. What I don't know is why the user-defined password did not replace the enable password defined in the AAA client configuration?

I tried a new access this morning on my AAA client with the "serge" username. On the ACS, the "serge" username has a different password (bozo) than the one defined in the AAA client running-config (cisco). When I tried to use bozo as an enable password while logged in with serge's credentials, the authentication failed; if I used cisco as an enable password, it worked! In the report I saw no failed authentication for my attempt with bozo as an enable password. I had only one entry, which was the successful one from when I logged on to the device! There was nothing about when I failed to enter privilege level 15 with the bozo password, or when I successfully entered privilege level 15 with cisco as the enable password!
