topic Re: Enable authentication through tacacs+ in Network Access Control

Enable authentication through tacacs+

hanwu_dot — Mon, 11 Mar 2019 01:41:41 GMT

I configured authentication for Enable to user Tacacs+. I need it to be authenticated the same time when users are logging in. That is, a user types his username and password, he is directly logged into Enable mode.

However, it stops everytime at exec mode, he has to type "enable " and type his password again to get into enable mode.

any idea?

The aaa config is attached.

thanks

Han

Re: Enable authentication through tacacs+

camejia — Fri, 06 Jan 2012 20:18:08 GMT

Han,

You need to add the "aaa authorization exec default group tacacs if-authenticated none" command. Also, the TACACS+ server should be configured to return the privilege level 15 attribute for Shell (EXEC) as well.

NOTE: The feature to get directly into enable mode after typing the Username/Password applies only for IOS devices. Cisco ASA does not include this feature as it is considered a security device.

Regards.