https://community.cisco.com/t5/network-access-control/cisco-acs-can-t-find-authenticate-internal-user-on-3550-switch/m-p/1881610#M245856 <HTML><HEAD></HEAD><BODY><P>In ACS try sending following attributes as part of authorization for uses who can telnet/ssh to the router/switch.</P><P><STRONG style="font-family: Arial;">cisco-avpair = "shell:priv-lvl=15"</STRONG></P><P></P><P>Thanks</P></BODY></HTML> Tue, 01 May 2012 10:36:04 GMT shoaibkhan 2012-05-01T10:36:04Z https://community.cisco.com/t5/network-access-control/cisco-acs-can-t-find-authenticate-internal-user-on-3550-switch/m-p/1881609#M245838 <P>I'm doing some testing with ACS server on my windows box and I can't seem to get a barebone radius authentication to work with ACS internal users. I tested the same configuration with TACACS and it works fine, so there's something missing or misconfigured in my setup.</P><P></P><P>I have a cisco 3550 switch that I want users to login using their ACS username/password.</P><P></P><P>SW1</P><P>username cisco password 0 cisco</P><P>username admin password 0 admin</P><P>aaa new-model</P><P>aaa authentication login default group radius local</P><P>aaa authorization exec default group radius local</P><P></P><P>radius-server host 172.16.1.115 auth-port 1645 acct-port 1646 key password</P><P>radius-server source-ports 1645-1646</P><P>radius-server key password</P><P></P><P>Eventually it uses my local username/password in which I'm able to get in, but not sure why it says it can't find the user account.</P><P></P><P>Here are the debugs from my Cisco switch and attached are the screenshots of my ACS server.</P><P></P><P>User Access Verification</P><P>Username: <BR />2d18h: AAA: parse name=tty0 idb type=-1 tty=-1<BR />2d18h: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0<BR />2d18h: AAA/MEMORY: create_user (0x17478B0) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)<BR />2d18h: AAA/AUTHEN/START (1772888944): port='tty0' list='' action=LOGIN service=LOGIN<BR />2d18h: AAA/AUTHEN/START (1772888944): using "default" list<BR />2d18h: AAA/AUTHEN/START (1772888944): Method=radius (rad<BR />Username: userius)<BR />2d18h: AAA/AUTHEN (1772888944): status = GETUSER<BR />Username: user2<BR />Password: <BR />2d18h: AAA/AUTHEN/CONT (1772888944): continue_login (user='(undef)')<BR />2d18h: AAA/AUTHEN (1772888944): status = GETUSER<BR />2d18h: AAA/AUTHEN (1772888944): Method=radius (radius)<BR />2d18h: AAA/AUTHEN (1772888944): status = GETPASS</P><P>2d18h: AAA/AUTHEN/CONT (1772888944): continue_login (user='user2')<BR />2d18h: AAA/AUTHEN (1772888944): status = GETPASS<BR />2d18h: AAA/AUTHEN (1772888944): Method=radius (radius)<BR />% Authentication failed.</P> Wed, 13 Mar 2019 00:40:43 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-can-t-find-authenticate-internal-user-on-3550-switch/m-p/1881609#M245838 ejeangilles 2019-03-13T00:40:43Z https://community.cisco.com/t5/network-access-control/cisco-acs-can-t-find-authenticate-internal-user-on-3550-switch/m-p/1881610#M245856 <HTML><HEAD></HEAD><BODY><P>In ACS try sending following attributes as part of authorization for uses who can telnet/ssh to the router/switch.</P><P><STRONG style="font-family: Arial;">cisco-avpair = "shell:priv-lvl=15"</STRONG></P><P></P><P>Thanks</P></BODY></HTML> Tue, 01 May 2012 10:36:04 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-can-t-find-authenticate-internal-user-on-3550-switch/m-p/1881610#M245856 shoaibkhan 2012-05-01T10:36:04Z https://community.cisco.com/t5/network-access-control/cisco-acs-can-t-find-authenticate-internal-user-on-3550-switch/m-p/1881611#M245888 <HTML><HEAD></HEAD><BODY><P>Is that a command that I have to run. I'm using the ACS that runs on my Windows 2003 server. Not sure where that is in the GUI</P></BODY></HTML> Tue, 01 May 2012 12:44:52 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-can-t-find-authenticate-internal-user-on-3550-switch/m-p/1881611#M245888 ejeangilles 2012-05-01T12:44:52Z