https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498138#M237532 Hi Karthik, Thanks for the link but it gave me more questions rather than answers. I didn't find if the local user is for ASDM access and if AAA commands is applied to the 'admin' context only and would be able to manage other virtual contexts that has no AAA config. Sun, 15 Jun 2014 06:03:18 GMT johnlloyd_13 2014-06-15T06:03:18Z https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498136#M237530 <P>hi all,</P><P>i configured our new ASA 5525-X for AAA/TACACS+ but got locked out so i have to reboot.</P><P>when i applied the AAA config, it showed an error saying 'enable_15' in not in LOCAL database.</P><P>it this the fallback method or should it be the telnet/enable passwords that should be used?</P><P>is this for ASDM purpose?</P><P>&nbsp;</P><P>ASA02/admin# sh run<BR />Fallback authorization. Username 'enable_15' not in LOCAL database</P> Tue, 12 Mar 2019 04:20:00 GMT https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498136#M237530 johnlloyd_13 2019-03-12T04:20:00Z https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498137#M237531 <P>Hi John,</P><P>&nbsp;</P><P>This is due to the authorization / aaa setting in a multi context firewall. You need to tweak it carefully to avoid confusion. You can follow the below mentioned document to understand it better.</P><P>&nbsp;</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/mgaccess.html</P><P>&nbsp;</P><P>Hope this helps.</P><P>&nbsp;</P><P>Regards</P><P>Karthik</P> Sun, 15 Jun 2014 05:04:48 GMT https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498137#M237531 nkarthikeyan 2014-06-15T05:04:48Z https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498138#M237532 Hi Karthik, Thanks for the link but it gave me more questions rather than answers. I didn't find if the local user is for ASDM access and if AAA commands is applied to the 'admin' context only and would be able to manage other virtual contexts that has no AAA config. Sun, 15 Jun 2014 06:03:18 GMT https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498138#M237532 johnlloyd_13 2014-06-15T06:03:18Z https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498139#M237533 <P>Hi John,</P><P>On AAA settings you have mentioned Tacacs and LOCAL as the fall back option.... but have you created with privilege 15. If you have created as such you shouldn't get that error pops.</P><P>&nbsp;</P><P>username &lt;name&gt; password [PASSWORD] encrypted privilege 15</P><P>&nbsp;</P><P>Hope this helps</P><P>Regards</P><P>Karthik</P><P>&nbsp;</P> Sun, 15 Jun 2014 09:06:44 GMT https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498139#M237533 nkarthikeyan 2014-06-15T09:06:44Z https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498140#M237534 <P>hi karthik,</P><P>i didn't configure the local user that's why i got locked out.</P><P>i thought that this was initially for ASDM that's why i left it out.</P> Mon, 16 Jun 2014 07:55:11 GMT https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498140#M237534 johnlloyd_13 2014-06-16T07:55:11Z https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498141#M237535 <P>Hi John,</P><P>Good to know that your issue is solved. Thanks!!!</P><P>&nbsp;</P><P>Regards</P><P>Karthik</P> Mon, 16 Jun 2014 08:32:17 GMT https://community.cisco.com/t5/network-security/local-user-database-for-aaa-tacacs/m-p/2498141#M237535 nkarthikeyan 2014-06-16T08:32:17Z