NDS authentication for enable mode

mstreet
Level 1

Hi everybody,

Can anybody help me out here please? I'm using the ACS appliance running software v3.3. I'm doing TACACS+ authentication from a router to the ACS box with backend authentication to a Novell NDS server. OK, I set it all up and got it all working quite easily. The only problem I have is that the first time you authenticate, the ACS box creates a new user account for the user on the ACS box (a dynamic user) and automatically configures it to authenticate via NDS and sets the enable password authentication via a separate password. This has the result that you cannot get into enable mode; it won't authenticate it. As soon as you go into the user and change the enable mode to be authenticated using NDS as well, it works perfectly, but it's a shame as it's quite tedious. There is no option in the group for this setting, so it can't be set at a group level.

Any ideas anyone?

Regards

Mike

2 Replies

owillins
Level 6

With AAA Accounting for exec sessions configured on a NAS, a user shows up in the Logged-In User report on Cisco Secure ACS. With Accounting also configured for going into enable mode, the user no longer appears in the Logged-In User report after authenticating successfully. Cisco Secure ACS tracks user sessions by IP address and port number. When enable authentication succeeds, Cisco Secure ACS sees that the IP address and port number combination for the existing session have been reused and assumes that the accounting stop packet was not sent or was lost; therefore, the user session is removed from the Logged-In User report even though the session continues in enable mode. Because the NAS cannot be configured to send new accounting start packets when the enable mode is entered, the Logged-In User report cannot correctly report the user session as ongoing.

Thanks for the reply, but my problem is to do with Authentication, not accounting. I'm not using accounting or authorization. My problem is that the settings created for dynamic user accounts are incorrectly set to use a separate password for enable mode rather than use NDS.