Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
764
Views
0
Helpful
3
Replies

ACS 5.5 - Issue where cannot login directly into Priv Exec

russell_parker
Level 1
Level 1

‎04-03-2014 02:15 PM - edited ‎03-10-2019 09:36 PM

Hi, I have configured the ACS 5.5 following a number of documents, the last one being a support forum doc, "How to Configure tacacs Authentication and Authorization for Admin and non-Admin users in ACS 5.1", yet each time when I login to the Cisco device, it logs me directly into user exec mode and not priv exec.

I am sure I had it working earlier but it is no longer working. Any ideas anyone?

The Designer Shell profile has the following configured with the 2 privilege settings as 15.

Service selection rules:

The Device Authorisation Policy is as follows;

The cisco AAA commands are;

aaa new-model
aaa authentication login default group tacacs+ line enable
aaa authentication enable default group tacacs+ line enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

 

 

2 people had this problem
Labels:
0 Helpful
3 Replies 3

edwjames
Level 3
Level 3

‎04-04-2014 10:38 AM

Hi Russel,

As this the ACS in the backend, could you share the exported detailed PDF (magnifying glass and print to pdf on top left) of the Tacacs+ Authorization attempt on the ACS when you login.

Regards

Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful

cuellar52
Level 1
Level 1
In response to edwjames

‎06-08-2015 11:26 PM

Worked thanks

0 Helpful

Naveen Kumar
Level 4
Level 4

‎04-06-2014 11:02 PM

for different IOS the commands are diff, So please have a look on:

How to Assign Privilege Levels with TACACS+ and RADIUS:

http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents