Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6371
Views
0
Helpful
5
Replies

Local User Database for AAA/TACACS+

Go to solution
johnlloyd_13
Level 9
Level 9

‎06-14-2014 04:17 PM - edited ‎03-11-2019 09:20 PM

hi all,

i configured our new ASA 5525-X for AAA/TACACS+ but got locked out so i have to reboot.

when i applied the AAA config, it showed an error saying 'enable_15' in not in LOCAL database.

it this the fallback method or should it be the telnet/enable passwords that should be used?

is this for ASDM purpose?

 

ASA02/admin# sh run
Fallback authorization. Username 'enable_15' not in LOCAL database

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nkarthikeyan
Level 7
Level 7
In response to johnlloyd_13

‎06-15-2014 02:06 AM

Hi John,

On AAA settings you have mentioned Tacacs and LOCAL as the fall back option.... but have you created with privilege 15. If you have created as such you shouldn't get that error pops.

 

username <name> password [PASSWORD] encrypted privilege 15

 

Hope this helps

Regards

Karthik

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
nkarthikeyan
Level 7
Level 7

‎06-14-2014 10:04 PM

Hi John,

 

This is due to the authorization / aaa setting in a multi context firewall. You need to tweak it carefully to avoid confusion. You can follow the below mentioned document to understand it better.

 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/mgaccess.html

 

Hope this helps.

 

Regards

Karthik

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to nkarthikeyan

‎06-14-2014 11:03 PM

Hi Karthik, Thanks for the link but it gave me more questions rather than answers. I didn't find if the local user is for ASDM access and if AAA commands is applied to the 'admin' context only and would be able to manage other virtual contexts that has no AAA config.
0 Helpful

Go to solution
nkarthikeyan
Level 7
Level 7
In response to johnlloyd_13

‎06-15-2014 02:06 AM

Hi John,

On AAA settings you have mentioned Tacacs and LOCAL as the fall back option.... but have you created with privilege 15. If you have created as such you shouldn't get that error pops.

 

username <name> password [PASSWORD] encrypted privilege 15

 

Hope this helps

Regards

Karthik

 

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to nkarthikeyan

‎06-16-2014 12:55 AM

hi karthik,

i didn't configure the local user that's why i got locked out.

i thought that this was initially for ASDM that's why i left it out.

0 Helpful

Go to solution
nkarthikeyan
Level 7
Level 7
In response to johnlloyd_13

‎06-16-2014 01:32 AM

Hi John,

Good to know that your issue is solved. Thanks!!!

 

Regards

Karthik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card