Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1703
Views
0
Helpful
18
Replies

Microsoft IAS 2003 login authentication issues

Go to solution
sloov187
Level 1
Level 1

‎09-14-2008 09:28 PM - edited ‎03-10-2019 04:05 PM

I have searched and searched for an answer to this, but noghting seems to be working. I have IAS authenticating users for login authentication on a 1230ag AP and a 2950 switch using Active Directory for the user database. I have it working just fine except for the fact that I can't get the device and IAS to send the user directly to enable mode even after adding the "shell:priv-lvl=15" vendor attribute to the access policy. Will someone post the steps that have worked for them that allows AAA login authentication with local users database for a backup? Any help would be much appreciated. I should add that it only allows me level 1 access on the console, telnet, and web interface (on the AP) and I did a debug on the AAA process and though I didn't copy it to a txt file it looked as though the "shell:priv-lvl=15" was reaching the AP and the switch. Thanks.

Labels:
0 Helpful
18 Replies 18

Go to solution
Premdeep Banga
Level 7
Level 7
In response to sloov187

‎09-19-2008 03:14 PM

ip http server

ip http authentication aaa

Should take care of it.

0 Helpful

Go to solution
sloov187
Level 1
Level 1
In response to Premdeep Banga

‎09-22-2008 12:22 PM

Another question for you Prem. I'd like to keep the Console port to use local username and password. If I already have the console setup to use AAA, how do I get it to go back to strictly using the local list?

Thanks

0 Helpful

Go to solution
Premdeep Banga
Level 7
Level 7
In response to sloov187

‎09-22-2008 12:23 PM

aaa authentication login CON local

line con 0

login authentication CON

privilege level 15

Regards,

Prem

Please rate if it helps!

0 Helpful

Go to solution
sloov187
Level 1
Level 1
In response to Premdeep Banga

‎10-04-2008 10:50 AM

Prem,

The switches and access points are all working great, but now I am having issues with SDM on my routers. SDM works fine using RADIUS as long as I leave the console port set to authenticate through AAA, but as soon as I set it to use the local login CON profile I can still get in through the vty and console interfaces using RADIUS or local credentials, but SDM will not accept the local username and password or the AD credentials through RADIUS. My question is, what do the console port settings have to do with the ip http server settings? Why will SDM only authenticate when I have the console port set AAA?

Thanks

0 Helpful
Customers Also Viewed These Support Documents