
HTTP authentication via ACS TACACS+.

andrea.meconi
Level 2

Hi.

I configured a router for TACACS+ access, and the console and CLI work fine.

HTTP access continually prompts for password and I can never gain access via web.

I have tried the various CLI combinations of IP HTTP AUTHENTICATION, but it still does not seem to work with TACACS+.

Debug authentication and authorization are ok (PASS)!

Any suggestions?

Thanks.

Andrea.


premdeep.banga
Level 1

Hi Andrea,

Make sure that you have privilege level 15 for your account, as telnet can work without it, but for HTTP it's a must.

You can configure it for the group under which you have your user account, or on a per-user basis too.

Select group > Edit Settings > TACACS+ section

Check "Shell" and "Privilege level", and in the box in front of privilege level, put the number "15".

Also, if you have configured enable authentication via TACACS+, make sure that under your user account you have selected the "Use CiscoSecure..." option under TACACS+ enable password if you have your account configured on ACS, or select another as appropriate.

Let me know if it helps :)

I suppose you have the "ip http authentication aaa" command configured.

Thanks for your help.

Yes, I'm using "ip http authe aaa" and all settings seem to be ok.

Debug aaa authe/autho are ok: PASS for all, I believe!

May 22 10:30:18.014: TPLUS: Received authen response status PASS (2)

May 22 10:30:18.022: TPLUS: received authorization response for 0: PASS

Andrea.

If you have checked "Shell" and "Privilege level" and set it to 15, and on the user account you are using the TACACS+ enable password appropriately, then I think you need to contact TAC, as you have set everything appropriately. In case it's an AP, then there's an option to cache the username/password while authenticating, as HTTP access for an AP requires the username/password several times.

Rest seems to be okay...

Again make sure

-Shell is checked.

-Privilege level is checked and set to 15

-under user account, we are using TACACS+ enable password section appropriately (it should not be use separate password with blank field)
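
Added example, not part of the original thread and not the posters' configuration: a router-side IOS fragment for the setup discussed above, where the HTTP server authenticates through AAA and the privilege level comes from TACACS+ exec authorization. The server address and shared secret are placeholders, and the use of the default method lists with a local fallback is an assumption.

```cisco
! Constructed example: 192.0.2.10 and <shared-secret> are placeholders.
aaa new-model
tacacs-server host 192.0.2.10 key <shared-secret>
!
! Login authentication against TACACS+, falling back to local accounts
! only if the TACACS+ server does not respond.
aaa authentication login default group tacacs+ local
!
! Exec (shell) authorization. This is the exchange in which the server
! returns the privilege level set under "Shell" / "Privilege level"
! in the ACS group or user settings (15 in this thread).
aaa authorization exec default group tacacs+ local
!
! HTTP server using AAA for its logins, as quoted in the thread.
ip http server
ip http authentication aaa
```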
