Error in Authentication

nytrogeno
Level 1

Hello, I have a problem with authentication on the console. When I connect, it asks me for a username and password, and I am not left in "ENABLE" mode. I enter the enable command and its password, but it sends the following message: "% Error in Authentication". I should also mention that I am using ACS and that the commands I entered are the following:

aaa new-model

aaa authentication login default group tacacs+ local-case enable

aaa authentication enable default group tacacs+ line enable none

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default local if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

enable secret 5 cisco

enable password Cisco

Thanks

Nytrogeno


nytrogeno
Level 1

this error:

"% Error in Authentication"

Thanks

Nytrogeno

Ensure you have configured the enable secret.
And ensure you are in user exec mode RTR>
then type "RTR> enable view <view_name>"
and supply the view's configured secret password.

If you follow the above info, you should be able to log in to the configured view. The mistake most of us make is that we still want to access the special view using the regular enable command with our generic enable secret password.

spremkumar
Level 9

hi

can u post out the config related to the tacacs group and also to the console port..

regds

OK. attached configuration of switch

Nytrogeno

Nytrogeno

I am not sure if I have a correct understanding of your problem. I believe that you are saying that you connect to the console port of the switch and that you are able to get into user mode by specifying a username and password. But when you attempt to get into enable mode you get an authentication error. If that is not the correct understanding please clarify.

I have looked at the config that you posted and I believe that I may see the problem. You have configured this statement:

aaa authentication enable default group tacacs+ line enable none

This specifies that enable mode should attempt to authenticate with TACACS and if there is an error in TACACS it should authenticate with the line password.

I believe that there are two things that may be problems. 1) You may be authenticating with TACACS and the user ID you are signing in with is not set up in TACACS for enable access to this device. or 2) You are not authenticating with TACACS and the switch is trying to authenticate with the line password but there is no line password configured on the console.

I suggest that first you determine whether you are authenticating with TACACS or not. You should be able to tell this by looking in the TACACS logs, or you could determine this by running debug tacacs authentication and seeing if the authentication request to TACACS is getting responses. If you are authenticating with TACACS then you need to check how the user ID is set up in TACACS.

If you are not authenticating with TACACS then I can think of two ways to fix the problem. You could configure a line password on the console. Or you could change the enable authentication like this:

aaa authentication enable default group tacacs+ enable none

I would prefer the second solution, but either one should work.

HTH

Rick


Rick:

I believe that you have understood my problem well. I connect on the console port using TACACS (ACS v3.3).

When authenticating, I am left in the first mode, for example:

Username: mnunez

Password: ********

SW2950 >

When I enter enable mode, it requests a password from me, which I enter:

SW2950>enable

Password:Cisco

% Error in Authentication

SW2950>

This is my problem (% Error in Authentication). The only way to be able to enter is

1) removing the switch from the network (so that host 192.168.69.147 does not look for the tacacs-server configuration key Cisco)

Or

2) removing the switch from the ACS server.

I have not found any other way to be able to enter the switch.

For this reason I have created an account on the switch (line username admin password ADMINcom), which I enter, but it gives me the same error. I believe I have a problem in the AAA configuration.

I hope you can help me.

Excuse my English, I do not speak much of this language.

Thanks

Nytrogeno

Nytrogeno

I understand that English is difficult for you. That is the reason that I wanted to be sure that I had a correct understanding of your problem. I hope we can resolve your problem without English being too much of an issue.

It is helpful to know that you are authenticating with TACACS. In this case I am sure that the problem is that the user ID created in TACACS is not set up for enable access on that switch. I am not clear whether you set up the TACACS or someone else did. But whoever is the administrator of the TACACS should check the configuration of this user ID and should permit enable access for this ID on this device.

There is an alternative to configure aaa on the switch to use the enable secret of the switch to authenticate enable access. But I believe that getting the user ID in TACACS correct is a better solution.

HTH

Rick


Rick,

I had the fault in the following command line:

aaa authentication enable default tacacs+ line enable none

Solution:

no aaa authentication enable default tacacs+ line enable none

aaa authentication enable default enable

Thanks to all for your help.

Nytrogeno
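
A simplified model of the method-list behaviour discussed in this thread, added here as an example (it is not code from any poster or from Cisco): a method list moves to the next method only when the current one returns an error, not when it rejects the password. The `state` dictionary keys and the treatment of an unset line or enable password as an error are assumptions of this sketch.

```python
# Added illustration (not Cisco code): simplified walk of an IOS enable method list.
from enum import Enum

ORIGINAL = "aaa authentication enable default group tacacs+ line enable none"
FINAL_FIX = "aaa authentication enable default enable"

class Result(Enum):
    PASS = "pass"    # the method answered and accepted the password
    FAIL = "fail"    # the method answered and rejected it: the list stops here
    ERROR = "error"  # the method could not answer: the next method is tried

def parse_methods(config_line):
    """Return the ordered methods of an 'aaa authentication enable default' line."""
    words = config_line.split()
    if words[:4] != ["aaa", "authentication", "enable", "default"]:
        raise ValueError("not an enable method list: " + config_line)
    methods, rest = [], iter(words[4:])
    for word in rest:
        # 'group tacacs+' is a single method made of two words
        methods.append("group " + next(rest, "") if word == "group" else word)
    return methods

def try_method(method, typed, state):
    """Evaluate one method against a hypothetical device/server state dict."""
    if method.endswith("tacacs+"):
        if not state["tacacs_reachable"]:
            return Result.ERROR
        return Result.PASS if state["tacacs_permits_enable"] else Result.FAIL
    if method in ("line", "enable"):
        stored = state.get(method + "_password")
        if stored is None:  # assumption: an unset local password counts as ERROR
            return Result.ERROR
        return Result.PASS if typed == stored else Result.FAIL
    if method == "none":
        return Result.PASS  # grants access with no check at all
    raise ValueError("unsupported method: " + method)

def enable_auth(config_line, typed, state):
    """Walk the list; only ERROR falls through. Returns (granted, deciding_method)."""
    for method in parse_methods(config_line):
        result = try_method(method, typed, state)
        if result is not Result.ERROR:
            return result is Result.PASS, method
    return False, None
```

With the original list, a reachable TACACS+ server that rejects the user ends the attempt, while an unreachable one falls through to the local enable password, which matches what the poster saw after disconnecting the switch. The trailing `none` grants enable mode with no password whenever every earlier method errors, so it is worth reviewing on any device where the local passwords may be unset.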

Hi Richard,
Actually I have the same problem when I connect as a TACACS user to a switch at my company, by telnet, not console. First I entered enable, then when I entered (config t) this message appeared: (Command authorization failed), so I can't continue to configure the switch. Is there any way to solve this problem without contacting the TACACS administrator?

Thank you Very very helpful!

oarh93001
Level 1

You just want to make password for your admin mode

(config) #enable password <password>

Or

(config) #enable secret <password>

RachelGomez161999
Spotlight

The next time a Wi-Fi authentication issue happens to you, here are the most common ways to troubleshoot and solve the error.
Toggle Airplane mode.
Forget and reconnect to the Wi-Fi network.
Reboot your Wi-Fi router.
Change the network from DHCP to Static.
Reset your network settings.

 

Greeting,

Rachel Gomez
