
ACS - 5.3

dpugalendi.d
Level 1

I configured the below config on routers and it is working fine, but when I do the same on SWITCH-2960, I am getting a problem: I am not able to log in to enable mode ... I am getting the basic login only ....

Error msg: % Error in Authentication.

Need to be configured at TAFE Network Devices:

tacacs-server directed-request

tacacs-server key xxxxx        

tacacs-server host 10.61.xxxx

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login no-tacacs none

aaa authentication enable default group tacacs+ enable

aaa authorization config-commands

aaa authorization exec default if-authenticated

aaa authorization commands 1 default if-authenticated

aaa authorization commands 15 default group tacacs+ local

aaa authorization console

=====================================================

Exit the IOS device and enter with an ACS username:

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

aaa session-id common


dpugalendi.d
Level 1

ERROR MESSAGE AS BELOW:

HO-DC-L2-SW1-2960G>en
TAFE TACACS password:
% Error in authentication.

I am able to reset the password via TACACS, but again it is not working for enable:

HO-DC-L2-SW1-2960G>en

TAFE TACACS password:

Enter old password:

Enter new password:

Enter new password confirmation:

% Error in authentication.

Check the TACACS logs

debug aaa subsystem

debug aaa authen

AdamBlackNNT
Level 1

ACS 5.x has very extensive reporting / logging capabilities - what are you seeing in the logs when you attempt to get privileged user access?

Hi,

this is working for me:

aaa new-model
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 0 GRP group tacacs+
aaa authorization commands 15 GRP group tacacs+
aaa authorization exec GRP group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

At enable prompt enter the first level pwd only.

Ensure you have

System Administration > Users > Authentication Settings > TACACS Enable Password enabled.

Thanks
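
A small audit of AAA method lists like the ones posted in this thread, added here as an example; it is not code from any of the posters or from Cisco. It parses the `aaa authentication|authorization|accounting` lines, then flags authentication lists that include the `none` method (like `no-tacacs` in the question) and named lists (like `GRP` in the last reply) that nothing in the supplied text applies. Treating any non-`aaa` line that ends in the list name as an application of it is a simplifying assumption, and `SAMPLE` is constructed from the question's config.

```python
import re

# Constructed sample: AAA lines taken from the question (server key and host omitted).
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no-tacacs none
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default if-authenticated
aaa authorization commands 1 default if-authenticated
aaa authorization commands 15 default group tacacs+ local
aaa authorization console
aaa accounting commands 15 default start-stop group tacacs+
"""

# <service> <type> <list-name> <methods...>; global knobs such as
# "aaa authorization console" carry no list name and are skipped.
LIST_RE = re.compile(
    r"^aaa (authentication|authorization|accounting) "
    r"(login|enable|exec|commands \d+|connection|system) (\S+) (.+)$")

def parse_method_lists(config):
    """Return one dict per AAA method list found in the config text."""
    lists = []
    for line in config.splitlines():
        m = LIST_RE.match(" ".join(line.split()))  # collapse repeated spaces
        if m:
            service, kind, name, methods = m.groups()
            lists.append({"service": service, "type": kind,
                          "name": name, "methods": methods.split()})
    return lists

def audit(config):
    """Return (list label, finding) tuples for lists that need a second look."""
    words = (line.split() for line in config.splitlines())
    # Assumption: a non-"aaa" line ending in a list name applies that list.
    applied = {w[-1] for w in words if w and w[0] != "aaa"}
    findings = []
    for ml in parse_method_lists(config):
        label = f'{ml["service"]} {ml["type"]} {ml["name"]}'
        if ml["service"] == "authentication" and "none" in ml["methods"]:
            findings.append((label, "includes-none"))  # can admit without credentials
        if ml["name"] != "default" and ml["name"] not in applied:
            findings.append((label, "not-applied"))  # no effect until bound to a line
    return findings

if __name__ == "__main__":
    for label, finding in audit(SAMPLE):
        print(f"{finding:14} {label}")
```

Run it against the full running configuration rather than an excerpt, so that the `line con` and `line vty` sections are included and the `not-applied` finding is meaningful.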