10-23-2009 12:05 PM - edited 03-10-2019 04:45 PM
I have our ASA's authenticating against ACS (tacacs+) and using ACS authorization which all works, but when the ACS server is unavailable I can log in using local authentication but I have no authorization rights. Is there a way to grant full authorization rights to the local user if ACS is unavailable?
I am using
aaa authentication ssh console <tacacs> LOCAL
aaa authorization ssh console <tacacs> LOCAL
Solved! Go to Solution.
10-23-2009 12:13 PM
Hi,
You should have a local user on the ASA with privilege 15
You can add local user like this:
(config)#username
so this user account will have full access when your tacacs goes down.
HTH
JK
Plz rate helpful posts-
10-23-2009 12:13 PM
Hi,
You should have a local user on the ASA with privilege 15
You can add local user like this:
(config)#username
so this user account will have full access when your tacacs goes down.
HTH
JK
Plz rate helpful posts-
10-23-2009 12:21 PM
Yea I did have that user.. it was becuase I had not fully logged out after applying the commands.. all okay now.. thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide