config command authorization not enabled

nikalleyne
Level 1

Can someone tell me why I'm getting this message? I'm beginning to think this has something to do with my device failing authorization.

Show version

Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.1(19)EW1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

5 Replies

Panos Kampanakis
Cisco Employee

Are you really running 12.1?

When are you receiving the message?

Do you have aaa authorization enabled? Can you post the "sh run | i aaa" output?

PK

Yep! I'm really running 12.1!

I'm receiving the message once I include "aaa authorization exec default group radius local if-authenticated" in the config.

Login is successful, however authorization does not allow me to go directly into enable mode. If I take the aaa authorization line out I can login to user mode and then use the enable password to move forward but that is not what I wish to achieve.

sh run | i aaa

!

aaa new-model
aaa authentication attempts login 5
aaa authentication banner ^C
aaa authentication fail-message ^C
aaa authentication login My-RADIUS group radius local
aaa accounting exec My-RADIUS start-stop group radius
aaa session-id common

!

Is there somewhere specific I was supposed to configure the aaa authorization enabled, because I'm not seeing it.

Let me know what other thoughts you may have.

Thanks

Nik

Hi, Nik,

The aaa authorization exec radius if-authenticated command configures the network access server to contact the RADIUS server to determine if users are permitted to start an EXEC shell when they login.

Try to use aaa authorization config-commands and aaa authorization commands 15.

Cheers, Iron

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Iron,

Thanks for your reply. However, I do wish for the users to be validated against RADIUS before they can use enable commands. When I entered your suggestion I can still authenticate without any problems. However, I still default to user mode. I would like it to default to privilege mode once a user successfully logs in.

Your thoughts!

Nik

Part of what you posted seems to show that you are using non-default methods (My-RADIUS) for authentication and for accounting. It is not clear to me whether a non-default method is also desired for the authorization. Perhaps it would help to clarify if you would post the parts of the config that are for aaa and the parts of the config for the console and vty lines. (complete config might be even better - but these parts would get us started)

HTH

Rick
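Added example, not part of any post in this thread: a small Python audit of the AAA lines posted above that lists each method list and reports which AAA functions never define the named list, which is the mismatch Rick's reply points at. The input is assembled from the posted "sh run | i aaa" output plus the exec authorization line quoted earlier; the function names are hypothetical.

```python
import re

# Constructed input: the "sh run | i aaa" output posted in the thread (banner
# lines omitted) plus the exec authorization line the poster says he added.
POSTED_AAA = """\
aaa new-model
aaa authentication attempts login 5
aaa authentication login My-RADIUS group radius local
aaa authorization exec default group radius local if-authenticated
aaa accounting exec My-RADIUS start-stop group radius
aaa session-id common
"""

FUNCTIONS = ("authentication", "authorization", "accounting")

# aaa <function> <service> <list-name> <methods...>
LINE_RE = re.compile(
    r"^aaa (authentication|authorization|accounting) "
    r"(login|exec|commands \d+)\s+(\S.*)$"
)

def parse_aaa(config):
    """Return (function, service, list_name, methods) for each method-list line."""
    entries = []
    for raw in config.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            function, service, rest = m.groups()
            name, *methods = rest.split()
            entries.append((function, service, name, methods))
    return entries

def named_lists_missing(config):
    """Map each non-default list name to the AAA functions that never define it."""
    by_function = {f: set() for f in FUNCTIONS}
    for function, _service, name, _methods in parse_aaa(config):
        by_function[function].add(name)
    named = set().union(*by_function.values()) - {"default"}
    return {n: [f for f in FUNCTIONS if n not in by_function[f]] for n in sorted(named)}

if __name__ == "__main__":
    for entry in parse_aaa(POSTED_AAA):
        print(entry)
    print(named_lists_missing(POSTED_AAA))
```

On IOS a named method list is used only on the lines where it is applied, while a default list applies to every line, so the console and vty configuration Rick asks for is needed to complete this picture.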