I have a customer whom is currently using TACACS to authenticate incoming Admin session requests to the ASA appliance. Currently is uses TACACS and prompts for a username and password when you SSH to the box. Once authenticated, and then to enter priveleged EXEC mode after issuing the >enable command, the user will enter his/her password again to go to PRIV EXEC mode.
We want to change this scenario a bit. We still want the ASA to query the TACACS server to validate the user. But thereafter we want to use the LOCAL enable password on the ASA as the password to be referenced for PRIV EXEC mode.
What command will tell the ASA to reference the enable password, and not use TACACS?
Can you point me to where this is on the ACS box? And what version of ACS are you running. We were looking for this option on the ACS box and to this point unable to find it.
Hello. I'd like to join your conversation, because I have same problem.
I configure 'Use separate password', and now this password used for enable command. By the question was how to configure for using 'enable password' in Asa configuration? Or I need to configure 'Asa enable password' for all user accounts in ACS database as 'separate password' line?
Good question. I could not get it to work other than your suggestion of configure 'Asa enable password' for all user accounts in ACS database as 'separate password' line Thaat actually makes sense since the ASA is using AAA authentication and the enable password is local.
I appreciate your input on this to this point.
I am still having difficulty locating the screen from your screen shot. Is there a chance that you could provide the exact path.
I did not see it at the path "Administration Control>Administrators>(username) which is where I thought it would be.