04-03-2014 02:15 PM - edited 03-10-2019 09:36 PM
Hi, I have configured the ACS 5.5 following a number of documents, the last one being a support forum doc, "How to Configure tacacs Authentication and Authorization for Admin and non-Admin users in ACS 5.1", yet each time I log in to the Cisco device, it logs me directly into user exec mode and not priv exec.
I am sure I had it working earlier but it is no longer working. Any ideas anyone?
The Designer Shell profile has the following configured with the 2 privilege settings as 15.
Service selection rules:
The Device Authorisation Policy is as follows:
The Cisco AAA commands are:
aaa new-model
aaa authentication login default group tacacs+ line enable
aaa authentication enable default group tacacs+ line enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
04-04-2014 10:38 AM
Hi Russel,
As this is the ACS in the backend, could you share the exported detailed PDF (magnifying glass and print to PDF on top left) of the TACACS+ Authorization attempt on the ACS when you log in?
Regards
Ed
06-08-2015 11:26 PM
Worked, thanks.
04-06-2014 11:02 PM
For different IOS the commands are different, so please have a look at:
How to Assign Privilege Levels with TACACS+ and RADIUS:
http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html