Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Problem whit configuration AAA authorization

Hi all!

I'm having problem with configuration AAA authorization.

I'm not authenticate from outside, output message "user none". But inside I can authenticate normally.

Following configuration not working:

aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication login CONSOLE line

aaa authentication enable default group tacacs+ enable

aaa authorization console

aaa authorization exec default group tacacs+ none

aaa authorization commands 15 default group tacacs+ none

aaa authorization network default group tacacs+ none

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

Following configuration is ok:

aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication login CONSOLE line

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

IOS (tm) C2600 Software (C2600-JS-M), Version 12.1(18), RELEASE SOFTWARE (fc1)

Appreciate any help.

Thanks!

7 REPLIES

Re: Problem whit configuration AAA authorization

I am sorry, what is your actual problem? when you try to telnet from the outside world, you are getting a failure and not happening when coming from inside?

Community Member

Re: Problem whit configuration AAA authorization

Hi imartino!

Yes, this is the problem.

Thanks

Re: Problem whit configuration AAA authorization

Please go ahead and turn on this debugs and post them here:

debug aaa authentication

debug aaa authorization

debug aaa subsy

debug aaa tacacs

Community Member

Re: Problem whit configuration AAA authorization

line vty 0 4

login authentication default

login authorization default

Community Member

Re: Problem whit configuration AAA authorization

Hi aneelaka!

This command is not valid.

See print.

Thanks.

Re: Problem whit configuration AAA authorization

With your lines aaa authentication.... default, that should be covered. You might want to get those debugs some time...

Community Member

Re: Problem whit configuration AAA authorization

On ACS server try enable or grant privilege level 15 for the user or group that need to get login to the network device.

HTH

162
Views
0
Helpful
7
Replies
CreatePlease to create content