router login using windows acs server

chan-kuen.hui · ‎07-05-2005

Dear All,

I would like to enable router login authentication using ACS 3.3 windows platform with Radius.

I have config the router for AAA and I setup the ACS too. But I failed to login.

Is there any configuration example on this issue?

Thanks.

dan.reynolds · ‎07-05-2005

I don't think that you can use RADIUS to do admin authorization and authentication, I believe that you need to use TACACS +

Here is the config that we use:

aaa authentication login xxxx group tacacs+ local

aaa authentication enable default enable

aaa authorization exec default group tacacs+ local

aaa authorization exec xxxxx group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 xxxx group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

Richard Burts · ‎07-05-2005

While I believe that you are correct that TACACS gives more granularity in authorization of commands than Radius does, the original post asked about doing authenticatino doing Radius. There are many successful examples of doing authentication doing Radius.

To the original post: it would help if you would post the aaa and radius parts of your config. This might allow us to identify the problem you are experiencing.

Another question for you to answer is whether the server is seeing the authentication request. Look in the Failed Attempts report and see if there is anything there that reflects your attempt to authenticate. If there is what is the error indication for that attempt in the report? If there is nothing in the report then it points us in a different direction in trying to understand your problem.

HTH

Rick

HTH

Rick