cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
650
Views
0
Helpful
1
Replies

Enable authentication through tacacs+

hanwu_dot
Level 1
Level 1

I configured authentication for Enable to user Tacacs+. I need it to be authenticated the same time when users are logging in. That is, a user types his username and password, he is directly logged into Enable mode.

However, it stops everytime at exec mode, he has to type "enable " and type his password again to get into enable mode.

any idea?

The aaa config is attached.

thanks

Han

1 Accepted Solution

Accepted Solutions

camejia
Level 3
Level 3

Han,

You need to add the "aaa authorization exec default group tacacs if-authenticated none" command. Also, the TACACS+ server should be configured to return the privilege level 15 attribute for Shell (EXEC) as well.

NOTE: The feature to get directly into enable mode after typing the Username/Password applies only for IOS devices. Cisco ASA does not include this feature as it is considered a security device.

Regards.

View solution in original post

1 Reply 1

camejia
Level 3
Level 3

Han,

You need to add the "aaa authorization exec default group tacacs if-authenticated none" command. Also, the TACACS+ server should be configured to return the privilege level 15 attribute for Shell (EXEC) as well.

NOTE: The feature to get directly into enable mode after typing the Username/Password applies only for IOS devices. Cisco ASA does not include this feature as it is considered a security device.

Regards.