TACACS+ Telnet login authentication, local enable passwords.
I've managed to configure TACACS+ authentication for telnet sessions to some network devices and it works great. The only problem is that when you switch to enable mode you need to specify the local enable password.
Is there a way to configure a device so that once a user is authenticated via TACACS+, they will no longer need to provide any more passwords?
Re: TACACS+ Telnet login authentication, local enable passwords.
I've added that into the config on the switch, now I cannot get telnet access, just get 'authorization failed' message. I can still gain access through the console though. What has happened? Here's the current config:
aaa authentication login default group tacacs+
aaa authorization exec default group tacacs+
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
enable secret 5 $1$DC0B******************
enable password *******************
If I take out the line "aaa authorization exec default group tacacs+", I can then telnet into the box again.
Here's the debug info for aaa authorization when that line is added: