Solved: Re: Direct Login To Enable Mode with CAT OS Using Tacacs+

bpotschien · ‎09-28-2004

Hello,

I'm using Tacacs for authenticating on IOS and CAT OS switches. When I log in to the IOS ones, I get directly to the enable mode.

When I log in to the CAT OS switch with the same user I only get to exec mode. Then I have to enter the enable mode manually with the "tacacs user password" as the "enable password".

My wish is to login directly to the enable mode with CAT switches!

Thanks in advance...

IOS config:

-----------

aaa new-model

tacacs-server key xxxx

tacacs-server host a.b.c.d

aaa authentication login default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

line vty 0 4

login authentication default

CAT OS config:

--------------

set tacacs server a.b.c.d primary

set tacacs attempts 5

set tacacs directedrequest disable

set tacacs key xxxxxx

set tacacs timeout 5

set authentication login tacacs disable console

set authentication login tacacs enable telnet primary

set authentication enable tacacs disable console

set authentication enable tacacs enable telnet primary

set authentication login local enable console

set authentication login local enable telnet

set authentication enable local enable console

set authentication enable local enable telnet

michael.linhart · ‎09-28-2004

@rtogonon

this is a IOS command!

Michael

View solution in original post

michael.linhart · ‎09-28-2004

Hi,

just add the following line

set authorization exec enable tacacs+ none

Hope it helps

Cheers

Michael

ROBERT TOGONON · ‎09-28-2004

Or you can add this line on your statement.

"aaa authorization exec default group tacacs+"

RT

michael.linhart · ‎09-28-2004

@rtogonon

this is a IOS command!

Michael