02-19-2015 04:44 AM - edited 03-10-2019 10:28 PM
Hi,
I have configured the ASA with AAA. It was doing the AAA authentication, but as soon as I entered the command “aaa authorization command TACACS+ LOCAL”, I am able to log in but unable to run the “show run, conf t, ping” commands. When I enter these commands I get the error messages below. Attached are the ACS 4.2 configuration screenshots.
Error Message:
ciscoasa(config)# ping 192.168.56.1
Command authorization failed
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# conf t
Command authorization failed
ciscoasa(config)# sh run
Command authorization failed
ciscoasa(config)#
Below is the AAA configuration on the ASA.
username user1 password user123 privilege 15
enable secret password2
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (inside) host 192.168.56.10
 timeout 6
 key Abc123#
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
!
aaa authorization command TACACS+ LOCAL   <-- when I configured this command, I started getting the error message “Command authorization failed”
!
aaa accounting enable console TACACS+
aaa accounting ssh console TACACS+
Please advise how I can now resolve this issue.
Thanks
11-13-2015 08:00 PM
Hello Rizwan,
We are also facing the exact same issue on an ASA (configured in Active/Passive mode).
The AAA commands on our ASA are as follows (as per the backup configuration). As of now we are able to log in to the ASA but unable to run any command.
aaa authentication enable console ACS LOCAL
aaa authentication http console ACS LOCAL
aaa authentication ssh console ACS LOCAL
aaa authorization command ACS
aaa accounting enable console ACS
aaa accounting ssh console ACS
aaa accounting command ACS
Please share what you did to overcome the problem.
Rgds
****