
Priv mode access when authenticating

kduckett
Level 1

When I log into a Cisco device, I am prompted to enter username/password. Once authenticated, I have to enter the "enable" command and then enter my password again in order to gain privileged mode access. I want to be able to go to priv mode directly.

My AAA configuration looks like this:

aaa authentication login default group tacacs+ local

aaa authentication login ciscoadmins group tacacs+ local

aaa authentication enable default group tacacs+

aaa authorization config-commands

aaa authorization exec ciscoadmins group tacacs+ local if-authenticated

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 ciscoadmins group tacacs+ local

aaa authorization network default group tacacs+

aaa authorization network ciscoadmins group tacacs+

On my ACS SE (ver 4.1.4.13), I have both the User and Group setting configured the same for the TACACS+ section with SHELL (exec) checked and PRIV Level checked and the value set to 15.

I can get this to work with RADIUS but have not been successful with TACACS+.

Does anyone have a solution for this?

Thanks,

Keith

16 Replies

John Dutchover
Level 1

Keith,

Within the group config for ACS, verify that "Max Privilege for any AAA Client" under the enable options is set to 15.

John

I have that set also and no luck.