
FWSM not accessible with local accounts if AAA is configured

pweichmann
Level 1

I do have an issue that I am not able to log in with telnet to our FWSM with a local account created in the system context.

Let's say I have an account usera with password 12345 and I do have AAA configured with LOCAL added as well.

When I try to log in I see the login on the ACS as failed which is correct but then it should check the local database and see that this user exists and should let me in.

Does anybody have an idea what could be the problem?

Accepted Solutions

Fernando_Meza
Level 7

Hi ..

It sounds like you have configured AAA using two methods of authentication (RADIUS or TACACS and LOCAL). If that is correct, then be aware that LOCAL authentication will be checked only if the server(s) referred to by the first method of authentication (the ACS in your case) is unavailable. The second authentication method (LOCAL in your case) will not be checked if the FWSM can contact the ACS server.

I hope it helps .. please rate it if it does !!!
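
The fallback rule described in the answer above, as a small model. This is an added example, not part of the original thread and not FWSM code; `Reply`, `LOCAL_DB`, `local_check` and `authenticate` are hypothetical names, the account data is the sample from the question, and the model extends the single-ACS case to a group of several servers tried in order.

```python
import hmac
from enum import Enum


class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    NO_RESPONSE = "no response"  # server down or unreachable


# Constructed sample data: the local account from the question.
LOCAL_DB = {"usera": "12345"}


def local_check(user, password):
    """Check the local user database (constant-time password comparison)."""
    stored = LOCAL_DB.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


def authenticate(user, password, server_replies):
    """Model a 'server group first, then LOCAL' method list.

    server_replies is the Reply each server in the group would give, in the
    order the servers are tried. Returns (allowed, decided_by).
    """
    for index, reply in enumerate(server_replies):
        if reply is Reply.ACCEPT:
            return True, f"server[{index}]"
        if reply is Reply.REJECT:
            # A reachable server has answered, so its decision is final
            # and LOCAL is never consulted.
            return False, f"server[{index}]"
        # NO_RESPONSE: move on to the next server in the group.
    # No server answered at all: only now is the local database checked.
    return local_check(user, password), "LOCAL"


if __name__ == "__main__":
    # The situation in the question: the ACS is reachable and rejects usera.
    print(authenticate("usera", "12345", [Reply.REJECT]))
    # The same login while the ACS is unreachable.
    print(authenticate("usera", "12345", [Reply.NO_RESPONSE]))
```

In this model the local account is usable only while every server in the group is unreachable, which is why the login in the question fails even though the local password is correct.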
