
HTTP authentication via ACS TACACS+.

andrea.meconi
Level 2

Hi.

I configured a router for TACACS+ access, and the console and CLI work fine.

HTTP access continually prompts for password and I can never gain access via web.

I have tried the various CLI combinations of IP HTTP AUTHENTICATION, but it still does not seem to work with TACACS+.

Debug authentication and authorization are ok (PASS)!

Any suggestions??

Thanks.

Andrea.

3 Replies

premdeep.banga
Level 1

Hi Andrea,

Make sure that you have privilege level 15 for your account; Telnet can work without it, but for HTTP it's a must.

You can configure it for the group under which you have your user account, or on a per-user basis too.

Select group > Edit Settings > TACACS+ section

Check "Shell" and "Privilege level", and in the box in front of Privilege level, put the number "15".

Also, if you have configured enable authentication via TACACS+, make sure that under your user account you have selected the "Use CiscoSecure..." option under TACACS+ enable password if you have your account configured on ACS, or select another option as appropriate.

Let me know if it helps :)

I suppose you have the "ip http authentication aaa" command configured.

Thanks for your help.

Yes, I'm using "ip http authe aaa" and all settings seem to be ok.

Debug aaa authe/autho are ok: PASS for all, I believe!

May 22 10:30:18.014: TPLUS: Received authen response status PASS (2)

May 22 10:30:18.022: TPLUS: received authorization response for 0: PASS

Andrea.

If you have checked "Shell" and "Privilege level", set it to 15, and on the user account you are using the TACACS+ enable password appropriately, then I think you need to contact TAC, as you have set everything appropriately. In case it's an AP, then there's an option to cache the username/password during authentication, as HTTP access for an AP requires the username/password several times.

Rest seems to be okay...

Again, make sure:

- Shell is checked.

- Privilege level is checked and set to 15.

- Under the user account, we are using the TACACS+ enable password section appropriately (it should not be "use separate password" with a blank field).
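
Added example, not part of the thread or of Cisco's tooling: a short Python audit of the router-side lines this setup depends on, plus a parse of the two debug lines quoted above. The sample running-config is constructed, the check names are hypothetical, and matching any method list that names tacacs+ (rather than a specific list) is an assumption.

```python
import re

# Constructed running-config excerpt (sample input, not taken from the thread).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
ip http server
ip http authentication aaa
"""

# The two debug lines quoted in the thread.
THREAD_DEBUG = """\
May 22 10:30:18.014: TPLUS: Received authen response status PASS (2)
May 22 10:30:18.022: TPLUS: received authorization response for 0: PASS
"""

# (check name, pattern that at least one config line must match)
CHECKS = [
    ("aaa new-model", r"^aaa new-model$"),
    ("login authentication via tacacs+", r"^aaa authentication login \S+ .*tacacs\+"),
    # Exec authorization is how the server's privilege level reaches the router.
    ("exec authorization via tacacs+", r"^aaa authorization exec \S+ .*tacacs\+"),
    ("http server uses aaa", r"^ip http authentication aaa\b"),
]

def audit_config(config):
    """Return the names of checks that no line of the config satisfies."""
    lines = [ln.strip() for ln in config.splitlines()]
    return [name for name, pat in CHECKS
            if not any(re.search(pat, ln) for ln in lines)]

def debug_status(debug):
    """Report whether the TPLUS debug lines show PASS for each phase."""
    return {
        "authentication": bool(
            re.search(r"TPLUS: Received authen response status PASS", debug)),
        "authorization": bool(
            re.search(r"TPLUS: received authorization response for \d+: PASS", debug)),
    }

if __name__ == "__main__":
    print("missing:", audit_config(SAMPLE_CONFIG))
    print("debug:", debug_status(THREAD_DEBUG))
```

The PASS lines carry no privilege level, so the "Shell" and "Privilege level 15" settings on the ACS group or user still have to be checked on the server side.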