https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483207#M88198 <HTML><HEAD></HEAD><BODY><P>Salaam Kashif</P><P></P><P>It is working I found the commands in that page which you were given.</P><P></P><P>Thanks lot</P></BODY></HTML> Tue, 11 Feb 2014 12:13:02 GMT shahulhameed 2014-02-11T12:13:02Z https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483203#M88189 <P>Hi</P><P></P><P>One of my customer has configured the below commands in switches. I created a user for accessing LMS to archive configuration.The user account successfully logged in to the switch but enable password is not taking from ACS it is taking from local enable password. After I addedd this command " </P><P>aaa authorization exec default group tacacs+ " the switch was not asking fro enable password. </P><P>The customer have ACS 4.2 in that I configured ACS the Shell command enabled and privilage 15.</P><P></P><P>Please advise how to configur a user account in ACS only for LMS ?</P><P></P><P></P><P><SPAN style="color: #0000ff;">aaa new-model</SPAN></P><P><SPAN style="color: #0000ff;">aaa authentication attempts login 5</SPAN></P><P><SPAN style="color: #0000ff;">aaa authentication login console none</SPAN></P><P><SPAN style="color: #0000ff;">aaa authentication login ssh group tacacs+ local</SPAN></P><P><SPAN style="color: #0000ff;">aaa accounting session-duration ntp-adjusted</SPAN></P><P><SPAN style="color: #0000ff;">aaa accounting exec default start-stop group tacacs+</SPAN></P><P><SPAN style="color: #0000ff;">aaa accounting commands 15 default start-stop group tacacs+</SPAN></P><P><SPAN style="color: #0000ff;">aaa session-id common</SPAN></P><P><SPAN style="color: #0000ff;">ip tacacs source-interface Vlanx</SPAN></P><P><SPAN style="color: #0000ff;">tacacs-server host 10.10.10.10 key 7 06098745612293E302426</SPAN></P><P><SPAN style="color: #0000ff;">tacacs-server timeout 60</SPAN></P><P><SPAN style="color: #0000ff;">tacacs-server directed-request</SPAN></P><P></P><P></P><P>Thanks and Regards,</P><P>Abdul Hameed</P> Mon, 11 Mar 2019 04:22:37 GMT https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483203#M88189 shahulhameed 2019-03-11T04:22:37Z https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483204#M88192 <HTML><HEAD></HEAD><BODY><P>wel authentication method is fine in the configuration you have set the option if ACS authentication fails then local account will be used for authentication try to share the log message that you receive that will help to touble shoot as chances are the ACS is not authenticating the user. </P></BODY></HTML> Tue, 11 Feb 2014 10:01:52 GMT https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483204#M88192 kaaftab 2014-02-11T10:01:52Z https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483205#M88194 <HTML><HEAD></HEAD><BODY><P>Salaam Kashif</P><P></P><P>I couldnt find any failed attempt or passed attempt against the user account in ACS. Where can I get the log?</P><P></P><P>After I put this command " <SPAN style="font-size: 10pt;">aaa authentication enable default group tacacs+ enable" </SPAN></P><P></P><P><SPAN style="font-size: 10pt;">Local user account and ACS users account not able to access the switch the error was " error authentication" but when I run a test command the authentication was successfull.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P></BODY></HTML> Tue, 11 Feb 2014 10:18:32 GMT https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483205#M88194 shahulhameed 2014-02-11T10:18:32Z https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483206#M88196 <HTML><HEAD></HEAD><BODY><P>kindly check the link</P><P><SPAN>&nbsp;&nbsp; </SPAN><A class="jive-link-external-small" href="http://www.dslreports.com/faq/9815">http://www.dslreports.com/faq/9815</A></P></BODY></HTML> Tue, 11 Feb 2014 10:55:39 GMT https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483206#M88196 kaaftab 2014-02-11T10:55:39Z https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483207#M88198 <HTML><HEAD></HEAD><BODY><P>Salaam Kashif</P><P></P><P>It is working I found the commands in that page which you were given.</P><P></P><P>Thanks lot</P></BODY></HTML> Tue, 11 Feb 2014 12:13:02 GMT https://community.cisco.com/t5/network-access-control/enable-password-from-acs/m-p/2483207#M88198 shahulhameed 2014-02-11T12:13:02Z