Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Tacacs not authenticating in secure ACS

My network has a Secure ACS ver 5.30.40 and client 3750 IOS 12.2(44)SE5

aaa new-model

aaa authentication login default local group tacacs+

aaa authentication enable default group tacacs+ enable

aaa authentication console

aaa authentication exec default group tacacs+ local

aaa accounting command 15 default start-stop tacacs+

tacacs-server host X.X.X.X

tacacs-server directed-request

tacacs-server key X.X.X.X:

When a user attempts to login and access deny is returned.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

I do not have a good

I do not have a good understanding of the problem described by the original poster. There are multiple authentication methods configured and it is not clear which of them the user might be using. Lacking any specific information I will assume that this is the authentication method in question

aaa authentication login default local group tacacs+

And there is something unusual about this configuration. It specifies the primary authentication method as local with tacacs as the backup method. The more usual configuration would look like this

aaa authentication login default  group tacacs+ local

 

I also find the description of the problem confusing. The original poster says that access deny is returned which sounds like he is seeing tacacs activity. But if I am correct about the authentication method being used then local authentication is the primary method. Perhaps the original poster can provide some clarification.

 

HTH

 

Rick

2 REPLIES
Silver

hello - this discussion was

hello - this discussion was originally published in a community that does not show discussions. as well as is not an area for technical questions.  I will move this post to Network Infrastructure Other subjects.

Hall of Fame Super Gold

I do not have a good

I do not have a good understanding of the problem described by the original poster. There are multiple authentication methods configured and it is not clear which of them the user might be using. Lacking any specific information I will assume that this is the authentication method in question

aaa authentication login default local group tacacs+

And there is something unusual about this configuration. It specifies the primary authentication method as local with tacacs as the backup method. The more usual configuration would look like this

aaa authentication login default  group tacacs+ local

 

I also find the description of the problem confusing. The original poster says that access deny is returned which sounds like he is seeing tacacs activity. But if I am correct about the authentication method being used then local authentication is the primary method. Perhaps the original poster can provide some clarification.

 

HTH

 

Rick

117
Views
0
Helpful
2
Replies
CreatePlease to create content