2900x., aaa, enable pass

kimlong — Sun, 10 Mar 2019 14:25:23 GMT

We have a 2900xl with the following stats:

Cisco Internetwork Operating System Software

IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.4)WC(1), MAINTENANCE INTERIM SOFTWARE

Compiled Tue 10-Jul-01 11:52 by devgoyal

Image text-base: 0x00003000, data-base: 0x00333CD8

ROM: Bootstrap program is C2900XL boot loader

noc-devel uptime is 20 hours, 59 minutes

System returned to ROM by reload

System restarted at 15:26:11 east Wed Jul 23 2003

System image file is "flash:c2900XL-c3h2s-mz.120-5.4.WC.1.bin"

cisco WS-C2924M-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.

Processor board ID FAA0341F0XR, with hardware revision 0x03

Last reset from warm-reset

Processor is running Enterprise Edition Software

Cluster command switch capable

Cluster member switch capable

25 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 00:30:19:46:EE:00

Motherboard assembly number: 73-3425-09

Power supply part number: 34-0920-01

Motherboard serial number: FAA03409DFB

Power supply serial number: NONE

Model revision number: A0

Model number: WS-C2924M-XL-EN

System serial number: FAA0341F0XR

Module Ports Model HW Version SW version

------ ----- ----- ---------- ----------

1 2 WS-X2922-XL-V xxxx xxxx

Configuration register is 0xF

We are trying to configure aaa services on the device. When we use the standard config which is working on all other devices, it fails on the 2900xl in the following way - it appears that the 2900xl is looking to TACACS/our NT domain controller for the enable pass and not authenticating against the configured password.

This is our error:

noc-devel>en

Password:

% Error in authentication.

This is our config:

aaa new-model

aaa group server tacacs+ cisacs

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting update newinfo

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

Thanks in advance.

Re: 2900x., aaa, enable pass

mhoda — Thu, 24 Jul 2003 20:54:33 GMT

Hi,

What privilege level have you assigned for the users? Is it between 2-15. If not, please assign the priv-lvl between 2-15 and see if that helps.

Regards,

Mynul

topic 2900x., aaa, enable pass in Network Access Control

2900x., aaa, enable pass

Re: 2900x., aaa, enable pass