AAA auth with ip http server not working

markusmaximus · ‎04-18-2007

Hi all,

I am unable to get ip http server to authenticate against tacacs. attached is the debug output when logging in with the user "mark".

Router config:

aaa new-model

aaa authentication login default group tacacs+ local enable

aaa authentication login ALREADY-IN none

aaa authentication login web group tacacs+ local enable

aaa authorization exec web group tacacs+ local if-authenticated

aaa session-id common

ip http server

ip http authentication aaa login-authentication web

ip http authentication aaa exec-authorization web

the priv-lvl 15 attribute is being sent, but IP HTTP Auth fails.. any ideas why?

Cheers,

Mark

Update: Fixed it! I believe the access-enable autocommand was the cause!

Vivek Santuka · ‎04-19-2007

Hi,

I have seen that additional attributes such as "access-enable timeout 1920" would not allow http authentication to work with certain IOS versions.

Regards,

Vivek

PROBLEM WITH LOCAL HTTP SERVER