
ACS 5.5 - Issue where cannot login directly into Priv Exec

russell_parker
Level 1

Hi, I have configured the ACS 5.5 following a number of documents, the last one being a support forum doc, "How to Configure tacacs Authentication and Authorization for Admin and non-Admin users in ACS 5.1", yet each time I log in to the Cisco device, it logs me directly into user exec mode and not priv exec.

I am sure I had it working earlier but it is no longer working. Any ideas anyone?

The Designer Shell profile has the following configured with the 2 privilege settings as 15.

Service selection rules:

The Device Authorisation Policy is as follows:

The Cisco AAA commands are:

aaa new-model
aaa authentication login default group tacacs+ line enable
aaa authentication enable default group tacacs+ line enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

 

 

3 Replies

edwjames
Level 3

Hi Russell,

As this is the ACS in the backend, could you share the exported detailed PDF (magnifying glass and print to PDF on top left) of the TACACS+ authorization attempt on the ACS when you log in?

Regards

Ed


Worked thanks

Naveen Kumar
Level 4

For different IOS the commands are different, so please have a look at:

How to Assign Privilege Levels with TACACS+ and RADIUS:

http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html