Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Password Required but None Set (ssh)

Hi,

I am stumped...I several 3750x switches (IOS 15.0(2)SE4) configured to authenticate through NPS (radius).  When I ssh into those switches, I can authenticate via Radius successfully.  However, when I type enable, I get this message: password required but none set....password:____.  It will accept my enable password without issues. 

I have 3750g switches and do not encounter this message when typing in my enable password. 

I'm trying to figure out what is causing that message.  This is my configuration for aaa, loging, and line vty:

service password-encryption

aaa new-model

aaa authentication login default group radius local-case

aaa authorization exec default group radius if-authenticated

aaa session-id common

username admin1 privilege 0 password Admin12!@    //changed username & password

enable secret 5 ***************

line vty 0 4

session-timeout 10

logging synchronous

transport preferred none

transport input ssh

transport output none

Thanks,

Ealey

  • AAA Identity and NAC
2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Password Required but None Set (ssh)

Ealey

This is a bit of an odd behavior. I suspect that it has something to do with changes in IOS 15.0.

I think that part of the issue is that you have not provided any aaa authentication commands for access to enable mode. Would you want to control access to enable mode through Radius similar to what you do for user mode? Or would you want to just use the enable password. I suspect that if you put that into the configuration that it might solve this issue. It might look like this if you want to use radius

aaa authentication enable default group radius enable

or it might look like this if you want just the enable password

aaa authentication enable default enable

Give one of these a try and let us know if it helps.

HTH

Rick

Bronze

Password Required but None Set (ssh)

Hi there,

Try adding the enable line in.

eg  aaa authentication enable default group radius enable

Regards,

Brad

8 REPLIES
Hall of Fame Super Silver

Password Required but None Set (ssh)

Ealey

This is a bit of an odd behavior. I suspect that it has something to do with changes in IOS 15.0.

I think that part of the issue is that you have not provided any aaa authentication commands for access to enable mode. Would you want to control access to enable mode through Radius similar to what you do for user mode? Or would you want to just use the enable password. I suspect that if you put that into the configuration that it might solve this issue. It might look like this if you want to use radius

aaa authentication enable default group radius enable

or it might look like this if you want just the enable password

aaa authentication enable default enable

Give one of these a try and let us know if it helps.

HTH

Rick

New Member

Password Required but None Set (ssh)

Rick,

Thanks for the response.  Since I want the authentication to start with Radius then local, I tried your AAA enable statement to this:

aaa authentication login default group radius local-case enable

No luck.  I'm still getting that statement.  However, I am going to revert back to an eariler IOS to see if it is a quirk with the 15.0(2)SE4. 

I'll let you know if it works. 

Thanks,

Ealey

Bronze

Password Required but None Set (ssh)

Hi there,

Try adding the enable line in.

eg  aaa authentication enable default group radius enable

Regards,

Brad

Hall of Fame Super Silver

Password Required but None Set (ssh)

Ealey

Thank you for letting us know that you have verified that the behavior is related to the version of code that is running. That is helpful to know.

HTH

Rick

New Member

Password Required but None Set (ssh)

Brad,

I modified it a bit since we don't use radius for our enable. 

aaa authentication enable default enable

Strange that we have to spell out where our enable password is coming from. 

Thanks,

Ealey

Hall of Fame Super Silver

Password Required but None Set (ssh)

Ealey

I wonder if it has something to do with the fact that you are using a type 5 enable secret. Early versions of 15.0, such as the one that you were running, were going to deprecate the type 5 enable secret in favor of a type 4 enable secret. Cisco has since then changed their position and the type 5 enable secret is still the standard. But I wonder if in that early version of code that was running if the code was not happy about using a type 5 enable secret.

Or maybe it was just a buggy behavior that got corrected. In any case now you have it doing the behavior that you wanted. And that is a good thing

HTH

Rick

Password Required but None Set (ssh)

Pls set the privilege level in the local user database using the following method.

username cisco password cisco

username cisco privilege 15

New Member

Password Required but None Set (ssh)

My local username is set at 0. 

Regardless, the message appears with Radius or local login authentication.

Thanks,

Ealey

864
Views
10
Helpful
8
Replies
This widget could not be displayed.