https://community.cisco.com/t5/network-access-control/asa-command-authorization-failed-acs4-2/m-p/2649470#M74423 <P><SPAN style="font-size: 14px;">Hi,</SPAN></P><P><SPAN style="font-size: 14px;">I have configure the ASA with AAA. It was doing the AAA authentication but as soon I have enter the command “aaa authorization command TACACS+ LOCAL”, I am able to login, but unable to run “show run, conf t, ping” commands. When I enter these commands I am getting below error messages. Attached are the ACS 4.2 configurations screen shoots.</SPAN></P><P><SPAN style="font-size: 14px;"><STRONG>Error Message:</STRONG></SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)# ping 192.168.56.1</SPAN></P><P><SPAN style="color: rgb(255, 0, 0);"><SPAN style="font-size: 14px;">Command authorization failed</SPAN></SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)#</SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)#</SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)# conf t</SPAN></P><P><SPAN style="color: rgb(255, 0, 0);"><SPAN style="font-size: 14px;">Command authorization failed</SPAN></SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)# sh run</SPAN></P><P><SPAN style="color: rgb(255, 0, 0);"><SPAN style="font-size: 14px;">Command authorization failed</SPAN></SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)#</SPAN></P><P>&nbsp;</P><P><SPAN style="font-size: 14px;"><STRONG>Below is the AAA configuration on the ASA.</STRONG></SPAN></P><P><SPAN style="font-size: 14px;">username user1 password user123 privilege 15</SPAN></P><P><SPAN style="font-size: 14px;">enable secret password2</SPAN></P><P><SPAN style="font-size: 14px;">aaa-server TACACS+ protocol tacacs+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN></P><P><SPAN style="font-size: 14px;">aaa-server TACACS+ max-failed-attempts 3</SPAN></P><P><SPAN style="font-size: 14px;">aaa-server TACACS+ deadtime 10</SPAN></P><P><SPAN style="font-size: 14px;">aaa-server TACACS+ (inside) host 192.168.56.10</SPAN></P><P><SPAN style="font-size: 14px;">timeout 6</SPAN></P><P><SPAN style="font-size: 14px;">key Abc123#</SPAN></P><P><SPAN style="font-size: 14px;">aaa authentication http console TACACS+ LOCAL</SPAN></P><P><SPAN style="font-size: 14px;">aaa authentication ssh console TACACS+ LOCAL</SPAN></P><P><SPAN style="font-size: 14px;">aaa authentication telnet console TACACS+ LOCAL</SPAN></P><P><SPAN style="font-size: 14px;">!</SPAN></P><P><SPAN style="font-size: 14px;">aaa authorization command TACACS+ LOCAL &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<SPAN style="color: rgb(255, 0, 0);">when I have configure this command, I start getting error message that “Command Authorization Failed”</SPAN></SPAN></P><P><SPAN style="font-size: 14px;">!</SPAN></P><P><SPAN style="font-size: 14px;">aaa accounting enable console TACACS+</SPAN></P><P><SPAN style="font-size: 14px;">aaa accounting ssh console TACACS+</SPAN></P><P>&nbsp;</P><P>Please advise that how I can now resolve this issue.</P><P>Thanks</P><P>&nbsp;</P> Mon, 11 Mar 2019 05:28:10 GMT raza555 2019-03-11T05:28:10Z https://community.cisco.com/t5/network-access-control/asa-command-authorization-failed-acs4-2/m-p/2649470#M74423 <P><SPAN style="font-size: 14px;">Hi,</SPAN></P><P><SPAN style="font-size: 14px;">I have configure the ASA with AAA. It was doing the AAA authentication but as soon I have enter the command “aaa authorization command TACACS+ LOCAL”, I am able to login, but unable to run “show run, conf t, ping” commands. When I enter these commands I am getting below error messages. Attached are the ACS 4.2 configurations screen shoots.</SPAN></P><P><SPAN style="font-size: 14px;"><STRONG>Error Message:</STRONG></SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)# ping 192.168.56.1</SPAN></P><P><SPAN style="color: rgb(255, 0, 0);"><SPAN style="font-size: 14px;">Command authorization failed</SPAN></SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)#</SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)#</SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)# conf t</SPAN></P><P><SPAN style="color: rgb(255, 0, 0);"><SPAN style="font-size: 14px;">Command authorization failed</SPAN></SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)# sh run</SPAN></P><P><SPAN style="color: rgb(255, 0, 0);"><SPAN style="font-size: 14px;">Command authorization failed</SPAN></SPAN></P><P><SPAN style="font-size: 14px;">ciscoasa(config)#</SPAN></P><P>&nbsp;</P><P><SPAN style="font-size: 14px;"><STRONG>Below is the AAA configuration on the ASA.</STRONG></SPAN></P><P><SPAN style="font-size: 14px;">username user1 password user123 privilege 15</SPAN></P><P><SPAN style="font-size: 14px;">enable secret password2</SPAN></P><P><SPAN style="font-size: 14px;">aaa-server TACACS+ protocol tacacs+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN></P><P><SPAN style="font-size: 14px;">aaa-server TACACS+ max-failed-attempts 3</SPAN></P><P><SPAN style="font-size: 14px;">aaa-server TACACS+ deadtime 10</SPAN></P><P><SPAN style="font-size: 14px;">aaa-server TACACS+ (inside) host 192.168.56.10</SPAN></P><P><SPAN style="font-size: 14px;">timeout 6</SPAN></P><P><SPAN style="font-size: 14px;">key Abc123#</SPAN></P><P><SPAN style="font-size: 14px;">aaa authentication http console TACACS+ LOCAL</SPAN></P><P><SPAN style="font-size: 14px;">aaa authentication ssh console TACACS+ LOCAL</SPAN></P><P><SPAN style="font-size: 14px;">aaa authentication telnet console TACACS+ LOCAL</SPAN></P><P><SPAN style="font-size: 14px;">!</SPAN></P><P><SPAN style="font-size: 14px;">aaa authorization command TACACS+ LOCAL &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<SPAN style="color: rgb(255, 0, 0);">when I have configure this command, I start getting error message that “Command Authorization Failed”</SPAN></SPAN></P><P><SPAN style="font-size: 14px;">!</SPAN></P><P><SPAN style="font-size: 14px;">aaa accounting enable console TACACS+</SPAN></P><P><SPAN style="font-size: 14px;">aaa accounting ssh console TACACS+</SPAN></P><P>&nbsp;</P><P>Please advise that how I can now resolve this issue.</P><P>Thanks</P><P>&nbsp;</P> Mon, 11 Mar 2019 05:28:10 GMT https://community.cisco.com/t5/network-access-control/asa-command-authorization-failed-acs4-2/m-p/2649470#M74423 raza555 2019-03-11T05:28:10Z https://community.cisco.com/t5/network-access-control/asa-command-authorization-failed-acs4-2/m-p/2649471#M74425 <P>Hello Rizwan,&nbsp;</P> <P></P> <P>We are also facing the exact issue on ASA (configured with Active Passive mode).&nbsp;</P> <P></P> <P>AAA commands on our ASA is (as per backup configuration), as of now we are able to logged into ASA but unable to run any command.</P> <P>&nbsp;</P> <P><SPAN style="color: #1f497d;">aaa authentication enable console ACS LOCAL</SPAN></P> <P><SPAN style="color: #1f497d;">aaa authentication http console ACS LOCAL</SPAN></P> <P><SPAN style="color: #1f497d;">aaa authentication ssh console ACS LOCAL</SPAN></P> <P><STRONG><SPAN style="color: #1f497d;">aaa authorization command ACS </SPAN></STRONG></P> <P><SPAN style="color: #1f497d;">aaa accounting enable console ACS</SPAN></P> <P><SPAN style="color: #1f497d;">aaa accounting ssh console ACS</SPAN></P> <P><SPAN style="color: #1f497d;">aaa accounting command ACS</SPAN></P> <P><SPAN style="color: #1f497d;"></SPAN></P> <P><SPAN style="color: #1f497d;">Requesting to pls share , what you have did to overcome the problem.</SPAN></P> <P><SPAN style="color: #1f497d;"></SPAN></P> <P><SPAN style="color: #1f497d;">Rgds</SPAN></P> <P><SPAN style="color: #1f497d;">****</SPAN></P> Sat, 14 Nov 2015 04:00:36 GMT https://community.cisco.com/t5/network-access-control/asa-command-authorization-failed-acs4-2/m-p/2649471#M74425 netbeginner 2015-11-14T04:00:36Z