Local User Database for AAA/TACACS+

hi all,

i configured our new ASA 5525-X for AAA/TACACS+ but got locked out so i have to reboot.

when i applied the AAA config, it showed an error saying 'enable_15' is not in LOCAL database.

is this the fallback method or should it be the telnet/enable passwords that should be used?

is this for ASDM purpose?

 

ASA02/admin# sh run
Fallback authorization. Username 'enable_15' not in LOCAL database

1 ACCEPTED SOLUTION

Hi John,

On the AAA settings you have mentioned TACACS and LOCAL as the fallback option... but have you created a user with privilege 15? If you have created one as such, you shouldn't get that error popping up.

 

username <name> password [PASSWORD] encrypted privilege 15

 

Hope this helps

Regards

Karthik

 

5 REPLIES

Hi John,

 

This is due to the authorization / aaa setting in a multi context firewall. You need to tweak it carefully to avoid confusion. You can follow the below mentioned document to understand it better.

 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/mgaccess.html

 

Hope this helps.

 

Regards

Karthik

Hi Karthik,

Thanks for the link but it gave me more questions rather than answers. I didn't find if the local user is for ASDM access and if AAA commands are applied to the 'admin' context only and would be able to manage other virtual contexts that have no AAA config.

hi karthik,

i didn't configure the local user that's why i got locked out.

i thought that this was initially for ASDM that's why i left it out.

Hi John,

Good to know that your issue is solved. Thanks!!!

 

Regards

Karthik
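
The lockout discussed in this thread can be caught before the AAA lines are applied. The following is an added example, not code from the thread or from Cisco: a pre-change check that scans a candidate ASA configuration for `aaa` lines that end in `LOCAL` and confirms a privilege 15 local user exists. The server-group name `TACACS`, the username `admin`, the function name and both sample configurations are constructed assumptions.

```python
import re

# Constructed sample configs (not from the thread). The server-group name
# "TACACS" and the username "admin" are assumptions for illustration.
LOCKOUT_CONFIG = """\
aaa-server TACACS protocol tacacs+
aaa authentication ssh console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authorization command TACACS LOCAL
"""
SAFE_CONFIG = LOCKOUT_CONFIG + (
    "username admin password [PASSWORD] encrypted privilege 15\n"
)

# "aaa " with a trailing space, so "aaa-server ..." lines are not matched.
AAA_RE = re.compile(r"^aaa (?:authentication|authorization)\s+(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s+.*?\bprivilege\s+(\d+)\b")


def check_local_fallback(config_text):
    """Return one finding per aaa line that relies on LOCAL when no
    privilege 15 local user is defined. An empty list means LOCAL is usable."""
    local_lines = []
    privileges = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        aaa = AAA_RE.match(line)
        # LOCAL as the last method covers both fallback and LOCAL-only use.
        if aaa and aaa.group(1).split()[-1] == "LOCAL":
            local_lines.append(line)
        user = USER_RE.match(line)
        if user:
            privileges[user.group(1)] = int(user.group(2))

    if any(level == 15 for level in privileges.values()):
        return []
    return [
        f"'{line}' uses LOCAL but no privilege 15 username is defined"
        for line in local_lines
    ]


if __name__ == "__main__":
    for name, cfg in (("lockout", LOCKOUT_CONFIG), ("safe", SAFE_CONFIG)):
        findings = check_local_fallback(cfg)
        print(name, "->", "OK" if not findings else findings)
```
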
