
Enable password from tacacs server

kdepijper
Level 1

I have an ldap server with a tacacs package (tac_plus.F5.0.0.alpha) and 10 users which is doing the tacacs authentication for users logging into my routers. I configured the allowed commands in the tacacs server per group of users, this is all working fine.

Now I also want to fetch the enable password from the tacacs server, and preferably the users should enter their password again (instead of the enable password - as command authorization is configured per group of users).

When I try to go into enable mode, I see in the debugging that a username $enable$ is sent to the tacacs server, which is not known, and so I still have to enter the enable password.

Commands I used in the router are:

aaa authentication login default group tacacs+ local

aaa authentication enable default tacacs+ local

aaa authorization exec default tacacs+ local

aaa authorization commands 0 default tacacs+ local

aaa authorization commands 1 default tacacs+ local

aaa authorization commands 15 default tacacs+ local

Do you know how $enable$ can be replaced by something, so my idea would work?

Thanks in advance, Karien

2 Replies

sghosh
Level 1

Hi Karien,

You are using an old code, and that is the reason why it sends out the username $enable$. If you are using 12.0.7T or above code, it will send the original username for enable authentication.

Thanks

Sujit

Hi Sujit,

I used 12.2.13T and 12.2.15T while having this issue.

Thanks, Karien