https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081667#M1069982 <P>hi,</P><P>so it's the same as not having this line configured at all?</P><P>we currently don't have this line configured and i have to type my TACACS login twice just to get to privilege mode.</P> Fri, 08 May 2020 01:56:46 GMT johnlloyd_13 2020-05-08T01:56:46Z https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081651#M1069979 <P>hi,</P><P>was trying to google search but can't seem to find the answer.</P><P>just wondering what's the difference between <STRONG>aaa authorization exec authentication-server</STRONG> vs <STRONG>aaa authorization exec authentication-server <FONT color="#FF0000">auto-enable</FONT></STRONG>?</P><P>i know the latter since we're using them which automatically brings you to the ASA privilege exec mode # but how about the former?</P><P>&nbsp;</P><P><EM>ciscoasa(config)# aaa authorization exec authentication-server ?</EM></P><P><EM>configure mode commands/options:</EM><BR /><EM><FONT color="#FF0000">auto-enable</FONT> Allow authenticated users with sufficient privileges to</EM><BR /><EM>automatically enter privileged EXEC mode on login</EM><BR /><FONT color="#FF0000"><EM>&lt;cr&gt;</EM></FONT></P><P>&nbsp;</P> Fri, 08 May 2020 02:08:35 GMT https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081651#M1069979 johnlloyd_13 2020-05-08T02:08:35Z https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081658#M1069980 Hi<BR /><BR />It will bring you to user exec mode and you'll need to type enable in order to access privileged exec mode. Fri, 08 May 2020 01:38:11 GMT https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081658#M1069980 Francesco Molino 2020-05-08T01:38:11Z https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081667#M1069982 <P>hi,</P><P>so it's the same as not having this line configured at all?</P><P>we currently don't have this line configured and i have to type my TACACS login twice just to get to privilege mode.</P> Fri, 08 May 2020 01:56:46 GMT https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081667#M1069982 johnlloyd_13 2020-05-08T01:56:46Z https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081778#M1069988 Francesco is right Fri, 08 May 2020 07:23:20 GMT https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4081778#M1069988 Terence.Jh 2020-05-08T07:23:20Z https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4082648#M1070050 What do you mean by typing twice your login? Normally you type in once and then when you go to enable mode it prompts you for an enable password Sat, 09 May 2020 23:42:03 GMT https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4082648#M1070050 Francesco Molino 2020-05-09T23:42:03Z https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4082665#M1070051 <P>hi,</P><P>if you don't have 'auto-enable', you'll need to type your TACACS login twice: first when you login/SSH to the ASA, then second when the ASA asked for enable password.</P><P>you don't type the 'local' enable PW when you're doing AAA/TACACS.</P> Sun, 10 May 2020 01:03:04 GMT https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4082665#M1070051 johnlloyd_13 2020-05-10T01:03:04Z https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4082669#M1070052 Yes but it asks for password only when typing enable not the login name.<BR />Putting this command will allow tacacs to validate the privilege of the user and push it when entering enable command Sun, 10 May 2020 01:37:01 GMT https://community.cisco.com/t5/network-security/aaa-authorization-exec-authentication-server-vs-auto-enable/m-p/4082669#M1070052 Francesco Molino 2020-05-10T01:37:01Z