01-29-2008 05:55 AM - edited 03-10-2019 03:37 PM
When I log into a Cisco device, I am prompted to enter username/password. Once authenticated, I have to enter the "enable" command and then enter my password again in order to gain privileged mode access. I want to be able to go to priv mode directly.
My AAA configuration looks like this:
aaa authentication login default group tacacs+ local
aaa authentication login ciscoadmins group tacacs+ local
aaa authentication enable default group tacacs+
aaa authorization config-commands
aaa authorization exec ciscoadmins group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 ciscoadmins group tacacs+ local
aaa authorization network default group tacacs+
aaa authorization network ciscoadmins group tacacs+
On my ACS SE (ver 4.1.4.13), I have both the User and Group settings configured the same for the TACACS+ section with SHELL (exec) checked and PRIV Level checked and the value set to 15.
I can get this to work with RADIUS but have not been successful with TACACS+.
Does anyone have a solution for this?
Thanks,
Keith
01-30-2008 04:31 AM
Keith,
Within the group config for ACS, verify that "Max Privilege for any AAA Client" under the enable options is set to 15.
John
02-01-2008 03:44 AM
I have that set also and no luck.