10-11-2009 11:31 AM - edited 03-10-2019 04:43 PM
I am having a hard time figuring out why authorization fails for users when logging into a switch/router using tacacs to ACS 4.1.123. Authentication does work and I have shell exec and priv=15 service enabled. Am I missing something else?
10-11-2009 06:49 PM
Make sure you have the exec authorization command on the router/switch:
aaa authorization exec default group tacacs if-authenticated
Also disable single connect on router and on ACS-->network configuration-->AAA-client-->Router. Uncheck single connect.
If the issue is still there, then please get the debugs:
debug tacacs
debug aaa authentication
debug aaa authorization
Regards,
~JG
Do rate helpful posts
10-12-2009 04:24 AM
Hi,
Are you getting "authorization failed" or "command authorization failed"?
Along with the debugs, also get the output of this command:
Sh run | in aaa
HTH
JK
Please rate helpful posts
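A way to check the `Sh run | in aaa` output requested above for the exec authorization line suggested in the first reply, as an added example that is not part of the original thread. The sample configurations are constructed, the function names are hypothetical, and the check assumes the built-in `group tacacs+` keyword rather than a named server group.

```python
import re

# Constructed samples of `show run | include aaa` output (not from the thread).
SAMPLE_MISSING_EXEC = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa session-id common
"""
SAMPLE_WITH_EXEC = (SAMPLE_MISSING_EXEC +
    "aaa authorization exec default group tacacs+ if-authenticated\n")

# Method-list lines; command authorization lists are parsed too, so the
# result shows whether exec or command authorization is in play.
METHOD_LIST = re.compile(
    r"^aaa (authentication login|authorization exec|authorization commands \d+)"
    r" (\S+) (.+)$")

def parse_method_lists(text):
    """Return {(kind, list_name): [methods]} from the filtered config text."""
    lists = {}
    for line in text.splitlines():
        m = METHOD_LIST.match(line.strip())
        if m:
            kind, name, methods = m.groups()
            # "group tacacs+" is a single method: join the keyword pair.
            lists[(kind, name)] = re.sub(r"group\s+", "group:", methods).split()
    return lists

def audit(text):
    """Return a list of findings about exec authorization; empty means none."""
    findings = []
    if not re.search(r"^aaa new-model\s*$", text, re.M):
        findings.append("'aaa new-model' is not configured")
    exec_lists = {k: v for k, v in parse_method_lists(text).items()
                  if k[0] == "authorization exec"}
    if not exec_lists:
        findings.append("no 'aaa authorization exec' method list")
    for (_, name), methods in exec_lists.items():
        # Assumption: a named server group is not recognised as TACACS+ here.
        if not any(m.startswith("group:tacacs") for m in methods):
            findings.append(f"exec list '{name}' does not use TACACS+")
        elif len(methods) == 1:
            findings.append(f"exec list '{name}' has no fallback method")
    return findings

if __name__ == "__main__":
    for label, cfg in (("missing", SAMPLE_MISSING_EXEC), ("present", SAMPLE_WITH_EXEC)):
        print(label, audit(cfg) or "ok")
```

A named exec list must also be applied under the vty lines, which this filtered output does not show.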