I am trying to set the identity source to use the credentials residing in Active Directory as the method for authentication.
The connection between AD and ACS was established and connected.
When I try to telnet from a remote site, I am able to get through the first stage, username-password authentication, but once it comes to the enable password, it prompts me with an authentication failure even with the right password.
The error log for this case is "13029 Requested privilege level too high".
If I switch the identity source to local, it doesn't have this problem.
The platform for this case is:
- C6500 with IOS 12.2(33) SXJ1
- ACS 22.214.171.124
So, at ACS, I set the identity store at access policies > access_name > identity.
For Device administration > shell profile in use, I set the default privilege and maximum privilege to value 15. The name of the shell profile is "full_privilege".
Below is my switch config snippet:
aaa group server tacacs+ TAC_PLUS
 server name AUTH
tacacs server AUTH
 address ipv4 10.10.21.251
aaa authentication login TAC_PLUS group tacacs+ local
aaa authentication enable default group TAC_PLUS none
aaa authorization exec TAC_PLUS group tacacs+ if-authenticated
aaa authorization commands 15 TAC_PLUS group tacacs+ local
aaa authorization network TAC_PLUS group tacacs+ local
aaa accounting update periodic 1
aaa accounting exec TAC_PLUS start-stop group tacacs+
aaa accounting network TAC_PLUS start-stop group tacacs+
aaa accounting connection TAC_PLUS start-stop group tacacs+
Hi Noel, I have a similar problem to yours. I'm trying to fix it with your comments but I have a doubt. Could you please paste a print screen of your Access Policies profile named "Device Admin"? I appreciate your help a lot.