05-05-2015 12:03 AM - edited 03-10-2019 10:42 PM
Hi, this is probably a quick one, but I couldn't find a solution so far.
We are using command authorization via ACS and are thus able to see (in case of any issues) who has entered which commands at which time on which device. But this only works until someone enters conf t mode. After that I am not getting log entries in the ACS (Version 5). I can see all show commands and who entered the configuration mode, but nothing after that. Config snippet:
aaa new-model
aaa authentication attempts login 5
aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
My guess is that I allow all commands with that and thus no authorization is needed.
Any idea?
Thanks
Chris
05-06-2015 09:26 PM
Hi
Which report are you looking at? Have a look at both the Tacacs Accounting and the Tacacs Authorization reports.
Thanks
John
05-06-2015 10:52 PM
Thanks! I only looked at TACACS+ Authorization report, but the information I was looking for is in the TACACS+ Accounting report.
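Added example, not part of the thread: command authorization and command accounting are configured separately per privilege level and feed separate ACS reports, so this Python sketch checks which levels in the poster's configuration have each. The function names are hypothetical, and it assumes the TACACS+ method appears literally as `tacacs+` rather than as a named server group.

```python
import re

# AAA lines as posted in the thread above.
THREAD_CONFIG = """\
aaa new-model
aaa authentication attempts login 5
aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
"""

# aaa <authorization|accounting> commands <level> <list-name> <methods...>
CMD_LINE = re.compile(
    r"^aaa\s+(authorization|accounting)\s+commands\s+(\d+)\s+(\S+)\s+(.+)$")


def command_coverage(config_text):
    """Map privilege level -> {'authorization': [...], 'accounting': [...]}."""
    coverage = {}
    for raw in config_text.splitlines():
        m = CMD_LINE.match(raw.strip())
        if not m:
            continue  # exec, login and enable lines do not cover commands
        kind, level, _list_name, methods = m.groups()
        if 0 <= int(level) <= 15:
            coverage.setdefault(int(level), {})[kind] = methods.split()
    return coverage


def audit(config_text):
    """Return (levels accounted to TACACS+, levels authorized but not accounted)."""
    cov = command_coverage(config_text)
    accounted = sorted(lvl for lvl, k in cov.items()
                       if "tacacs+" in k.get("accounting", []))
    unlogged = sorted(lvl for lvl, k in cov.items()
                      if "authorization" in k and lvl not in accounted)
    return accounted, unlogged


if __name__ == "__main__":
    accounted, unlogged = audit(THREAD_CONFIG)
    print("command accounting sent to TACACS+ for levels:", accounted)
    print("authorized but not accounted (no command audit trail):", unlogged)
```

For the posted configuration, levels 1 and 15 have both authorization and accounting; commands placed at any other privilege level would have neither.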