Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1645
Views
5
Helpful
1
Replies

TACACS+ and Local Authentication Simultaneously

scott3560
Level 1
Level 1

‎09-13-2010 11:00 AM - edited ‎03-10-2019 05:24 PM

Is there any way that authentication can be configured to use TACACS+ and local authentication simultaneously.  For example, most users will have user profiles and will be authenticated using a TACACS server, but a few accounts will be configured locally on the Cisco device.  I have used the following two configurations:

aaa authentication login default group tacacs+ local

(This configuration only goes to the local database if communication with the TACACS server fails completely)

aaa authentication login default local group tacacs+

(This configuration only checks the local database and never goes to the TACACS server)

I have not been able to find a configuration that will use TACACS and local authentication simultaneously

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

‎09-13-2010 11:34 AM

You cannot do what you are trying to do. For (default login you need to use the first policy matched.

you can diversify telnet/ssh with http by  creating different aaa groups.

But still you will be loging in for telnet users (all of them) using one method.

I hope it is clear.

PK

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents