05-19-2006 06:20 AM - edited 03-10-2019 02:35 PM
Hi.
I configure a router for tacacs+ access and the console and CLI work fine.
HTTP access continually prompts for password and I can never gain access via web.
I have tried the various cli combinations of IP HTTP AUTHENTICATION, but still does not seem to work with tacacs+.
Debug authentication and authorization are ok (PASS)!
Any suggestions??
Thanks.
Andrea.
05-20-2006 12:43 AM
Hi Andrea,
Make sure that you have privilege level 15, for your account, as telnet can work without it, but for http its a must.
You can configure it for Group, under whihc you have your user account or per user basis too.
Select group > Edit Settings > TACACS+ section
Check "Shell" and "Privilege level" and in box in front of privilege level, put number "15".
Also if you have configured enable authentication via TACACS+ ,amake sure under your user account you have selected "Use CiscoSecure..." option under TACACS+ enable password if you have your account configured on ACS, of select other as appropriate.
Let me know if it helps :)
I suppose you have "ip http authentiaction aaa" command configured.
05-22-2006 12:36 AM
Thanks for your help.
Yes, I'm using "ip http authe aaa" and all settings seem to be ok.
Debug aaa authe/autho are ok: PASS for all, I believe!
May 22 10:30:18.014: TPLUS: Received authen response status PASS (2)
May 22 10:30:18.022: TPLUS: received authorization response for 0: PASS
Andrea.
05-22-2006 06:48 PM
If you have, checked "shell", "privlege level" and set it to 15 and on user account you are using TACACS+ enable password, appropriately. Then I think you need to contact TAC, as you have set everything appropriately. In case its AP, then there's an option to cache username/password while authentication, as for HTTP access for AP, it requires username/password several times.
Rest seems to be okay...
Again make sure
-Shell is checked.
-Privilege level is checked and set to 15
-under user account, we are using TACACS+ enable password section appropriately (it should not be use seprate password with blank field)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide