Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Error in Authentication

Hello, I have a problem of authentication by console. When I connect myself requests to me to user and password and I do not have left in way "INABLE". Entrance commands inable and his password but Error in Authentication sends following mensage "%". Also I indicate to them that I am using ACS and that commando entered them is the following ones:

aaa new-model

aaa authentication login default group tacacs+ local-case enable

aaa authentication enable default group tacacs+ line enable none

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default local if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

enable secret 5 cisco

enable password Cisco

Thank

Nytrogeno

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: Error in Authentication

Nytrogeno

I understand that English is difficult for you. That is the reason that I wanted to be sure that I had a correct understanding of your problem. I hope we can resolve your problem without English being too much of an issue.

It is helpful to know that you are authenticating with TACACS. In this case I am sure that the problem is that the user ID created in TACACS is not set up for enable access on that switch. I am not clear whether you set up the TACACS or someone else did. But whoever is the administrator of the TACACS should check the configuration of this user ID and should permit enable access for this ID on this device.

There is an alternative to configure aaa on the switch to use the enable secret of the switch to authenticate enable access. But I believe that getting the user ID in TACACS correct is a better solution.

HTH

Rick

7 REPLIES
Community Member

Re: Error in Authentication

this error:

"% Error in Authentication"

Thank

Nytrogeno

Re: Error in Authentication

hi

can u post out the config related to the tacacs group and also to the console port..

regds

Community Member

Re: Error in Authentication

OK. attached configuration of switch

Nytrogeno

Hall of Fame Super Gold

Re: Error in Authentication

Nytrogeno

I am not sure if I have a correct understanding of your problem. I believe that you are saying that you connect to the console port of the switch and that you are able to get into user mode by specifying a username and password. But when you attempt to get into enable mode you get an authentication error. If that is not the correct understanding please clarify.

I have looked at the config that you posted and I believe that I may see the problem. You have configured this statement:

aaa authentication enable default group tacacs+ line enable none

This specifies that enable mode should attempt to authenticate with TACACS and if there is an error in TACACS it should authenticate with the line password.

I believe that there are two things that may be problems. 1) You may be authenticating with TACACS and the user ID you are signing in with is not set up in TACACS for enable access to this device. or 2) You are not authenticating with TACACS and the switch is trying to authenticate with the line password but there is no line password configured on the console.

I suggest that first you determine whether you are authenticating with TACACS or not. You should be able to tell this by looking in the TACACS logs, or you could determine this by running debug tacacs authentication and seeing if the authentication request to TACACS is getting responses. If you are authenticating with TACACS then you need to check how the user ID is set up in TACACS.

If you are not authenticating with TACACS then I can think of two ways to fix the problem. You could configure a line password on the console. Or you could change the enable authentication like this:

aaa authentication enable default group tacacs+ enable none

I would prefer the second solution, but either one should work.

HTH

Rick

Community Member

Re: Error in Authentication

Rick:

I believe that you have understood well my problem. I connect in the port console using tacacs (ACS v3.3).

When authenticating I have left in the first way example:

Username: mnunez

Password: ********

SW2950 >

When entrance the inable way requests password to me which entrance

SW2950>enable

Password:Cisco

% Error in Authentication

SW2950>

This is my problem (% Error in Authentication). The unica (only) form to be able to enter is

1) removing switch from the network (So that host 192,168,69,147 does not look for the tacacs-server configuration key Cisco

Or

2) to remove switch in servant ACS.

I have not found the form to be able to enter to switch of another form.

Reason why I understand I have formed an account in switch (line username admin password ADMINcom) which entrance but gives the same error me. I create to have a problem in configuration AAA.

I hope can help me.

It excuses my english, I do not speak much this language.

Thank

Nytrogeno

Hall of Fame Super Gold

Re: Error in Authentication

Nytrogeno

I understand that English is difficult for you. That is the reason that I wanted to be sure that I had a correct understanding of your problem. I hope we can resolve your problem without English being too much of an issue.

It is helpful to know that you are authenticating with TACACS. In this case I am sure that the problem is that the user ID created in TACACS is not set up for enable access on that switch. I am not clear whether you set up the TACACS or someone else did. But whoever is the administrator of the TACACS should check the configuration of this user ID and should permit enable access for this ID on this device.

There is an alternative to configure aaa on the switch to use the enable secret of the switch to authenticate enable access. But I believe that getting the user ID in TACACS correct is a better solution.

HTH

Rick

Community Member

Re: Error in Authentication

Rick,

I have the fault in line of command who follows:

aaa authentication enable default tacacs+ line enable none

Solution:

no aaa authentication enable default tacacs+ line enable none

aaa authentication enable default enable

Thanks to all for your help.

Nytrogeno

17523
Views
5
Helpful
7
Replies
CreatePlease to create content