aaa authorization failed aaa_author_status_method 16 0x10 in Nexus 5k 6k & 7k

dj0304071 · ‎08-31-2016

Hello,

I am getting this error in Nexus routers, for all the commands that i run.

# sh ver

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)

Please help.

Regards,

Dheeraj.

ahmedshoaib · ‎09-01-2016

Hi;

You are getting this error due to the authenticated user on Nexus user as a user privilege (network-operator) instead of admin (network-admin, vdc-admin) right.

Which type of ACS version you are running?

If it's older ver then under the admin profile, in the drop down list, select Cisco-AVPair and use the following string:

shell:roles=”network-admin vdc-admin”

If it's a new version then no need add the custom attribute under admin profile, just select the default/Maximum privileged = 15.

Thanks & Best regards;

Miguel Jimenez Lucas · ‎03-16-2018

Hello dj0304071,

I had the same problem with the nexus1000v when I set up tacacs but now I have it as follows:

1.-You must create a .txt or copy the configuration file of your Nexus to a .txt
2.-In the file .txt configures for the tacacs lines a "no" to the configuration

enable
!
config terminal
!
no tacacs-server key 7 "efdgw"
no tacacs-server host 192.168.100.x
no aaa group server tacacs+ AAA-LUCAS
no aaa authentication login default group AAA-LUCAS
no aaa authentication login console group AAA-LUCAS
no aaa authorization config-commands default group AAA-LUCAS
no aaa accounting default group AAA-LUCAS
no aaa authentication login error-enable
no tacacs-server directed-request

3.-From a tftp upload the file to the running-config or start-config.

This way I let myself execute command.

I hope and can help you and regards!

azeducisco · ‎10-08-2018

Hello all l have the same problem how can l solve this problem?

(config)# tacacs-server directed-request
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)

Richard Burts · ‎10-09-2018

It appears that you are receiving this error when you attempt to enter a configuration command. Is the problem only in config mode? Are you able to successfully execute other commands?

HTH

Rick

HTH

Rick

azeducisco · ‎10-09-2018

L do on config mode. Also aaa config is problem

Richard Burts · ‎10-09-2018

There is a long term aspect to this issue and a short term aspect. The long term aspect is that something in your aaa authorization is not set up correctly or that your user ID is not set up correctly in whatever is providing your authorization service. You need to figure out whether it is an issue in how your aaa authorization is configured or is an issue in how your user account is set up. Once you figure out what that problem is you should correct that issue.

The short term aspect is that you are not able to enter any configuration commands. So it the long term issue turns out to be that something in aaa authorization is not configured correctly then how do you correct it? The solution was mentioned in a previous post. You create a text file and in the text file you put the commands to remove the aaa configuration (or perhaps just the aaa authorization commands). Then you copy the file either to running config or to startup config. Note that if you will be copying to running config then you only need the aaa commands, but if you are copying to startup config then you will need the entire configuration, and after copying to startup config then you will need to reboot the router.

HTH

Rick

HTH

Rick