topic If you use the "Login" in Network Security

aaa authentication serial console

johnlloyd_13 — Tue, 12 Mar 2019 06:30:01 GMT

i'm trying to figure out what's wrong with my AAA config.

when I SSH/telnet to the ASA using my TACACS+ account is fine.

but i can't seem to login on our OBM server when I use the same TACACS+ account and also tried the enable password on the ASA.

appreciate anyone advise.

NORMAL REMOTE ACSESS:

User Access Verification

Username: John
Password: ********
Type help or '?' for a list of available commands.
ciscoasa/admin> en
Password: ********

ciscoasa/admin# sh run | i aaa
aaa-server TACACS protocol tacacs+
aaa-server TACACS (inside) host 172.27.1.1
aaa authentication ssh console TACACS LOCAL
aaa authentication http console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authentication serial console TACACS LOCAL

aaa authorization command TACACS LOCAL
aaa authorization exec authentication-server

OBM/jump server:

Console session started. Press ~[ENTER] to exit.

Username: John
Password: ********
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ******** <<< USED TACACS+ PW
Invalid password
Password: ******** <<< USED THE ASA CONFIGURED enable password
Invalid password
Password: ******
Invalid password
Access denied.

If you use the "Login"

Maykol Rojas — Wed, 26 Aug 2015 18:46:57 GMT

If you use the "Login" command under the user mode

ciscoasa>login

And then use your credentials, does it work?

The serial, only authenticates to the console port, but not the exec mode, for that you will need to have authorization configured (as far as I remember, anyone else, please feel free to jump in).

With version 9.2, you can use the auto-enable option:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/a1.html#pgfId-1595724

Mike.

hi,login doesn't work.what

johnlloyd_13 — Thu, 27 Aug 2015 01:09:02 GMT

hi,

what authorization line should i add?

it only gives me the option to add LOCAL and authentication-server (which i already have).

ASA code is 8.3(2).

Console session started. Press ~[ENTER] to exit.

Username: John
Password: ********
Type help or '?' for a list of available commands.
ciscoasa> login
Username: John
Password: ********
%Login failed

ciscoasa/admin(config)# aaa authorization exec ?

configure mode commands/options:
LOCAL Use authorization attributes of corresponding local
user
authentication-server Use authenticating servers