
enable authentication mode on acs

Ibrahim Jamil
Frequent Contributor

Hello netpro

How do I configure the ACS 4.2 server, running in TACACS+ mode (user accounts configured on the ACS), to authenticate the enable mode password on the ASA using the same AD account?

Thanks

10 REPLIES

camejia
Participant

Hello,

My understanding is that you have configured ACS Internal User accounts with Password Authentication against AD as follows:

Screenshot of User Setup for a specific account:

Now, you would like to configure the ACS to check the Enable Password authentication on the ASA for that same ACS Internal User account against AD, so that you access the ASA enable mode with the AD password as well. In that case you need to enable the TACACS+ features for the user account under Interface Configuration > TACACS+ (Cisco IOS) and check "Advanced TACACS+ Features".

Go back to the ACS user account, scroll down to TACACS+ Enable Password, and select the Windows Database option:

If this was helpful please rate.

Regards.

Ibrahim Jamil
Frequent Contributor

Hi Carlos

What is the purpose of the TACACS+ Outbound Password?

Thanks

Hello,

TACACS+ Outbound Password

TACACS+ Outbound Password enables an AAA client to authenticate itself to another AAA client or end-user client via outbound authentication. The outbound authentication can be PAP, CHAP, MS-CHAP, or ARAP and results in the ACS password being given out. By default, the user's ASCII/PAP or CHAP/MS-CHAP/ARAP password is used. To prevent compromising inbound passwords, you can configure a separate SENDAUTH password. Use this feature only if you are familiar with TACACS+ SendAuth/OutBound password.

For your specific scenario you can leave it blank. I just forgot to delete the default "dots" that the ACS adds to the user account.

Regards.