Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IOS 12.4 enable authetication TACACs+ failing on $enab15$!!

Hi,

We have cisco router IOS 12.4 setup for

AAA authetication login default TACACs+...telnet login works fine ...with the TACACS+user...we also haev aaa authetication enable default TACACs+ configured and allowed cisco pap password for user...now when the authenticated TACACs user tries to enable ...authetication error happens ..and the logs /debug +acs 3.2(T+ server) show unknown user $enab15$...can anyone suggest as to why this happening when the user shown shud be the same user who had gone into usermode and now was trying enable...pointers appreciated

6 REPLIES

Re: IOS 12.4 enable authetication TACACs+ failing on $enab15$!!

It?s a bug,

If you are on 12.4(13) go to 12.4(13a)

Regards,

Prem

New Member

Re: IOS 12.4 enable authetication TACACs+ failing on $enab15$!!

Hi thanks for that ...we are in a severly change/release controlled environ ...does that mean it is a bug!..we have another IOS 12.4(13) ..it works fine ...that is strange ,is it supposed to behave this way ..is there any workaround

Thanks

Re: IOS 12.4 enable authetication TACACs+ failing on $enab15$!!

CSCsh76038 & CSCin98780, check their details,

work around that i can suggest is to skip the enable authentication and go directly to privileged exec mode using command,

aaa authorization exec default group tacacs+ local

And specify the privilege level on ACS i.e. check "Shell" and "Privilege Level" with value of the privilege like 2, 15 etc.

Regards,

Prem

New Member

Re: IOS 12.4 enable authetication TACACs+ failing on $enab15$!!

Just adding is there an cisco BID equivalent listed somewhere for justifying this ???

Appreciate help

New Member

Re: IOS 12.4 enable authetication TACACs+ failing on $enab15$!!

Yikes we have usergroups and device groups routers mapped with appropriate privilges ..works fine for all but ...how do we workaround now ???

Thanks

Re: IOS 12.4 enable authetication TACACs+ failing on $enab15$!!

Get an insight by an expert.

I wont suggest you anything at this point, as it would require to have your topology details, and if you cannot go to the fixed version as stated by bug, and some are working and some are not.

I think, someone needs to understand the whole situation in depth, before going for any kind of work around.

Regards,

Prem

456
Views
0
Helpful
6
Replies