04-04-2014 09:02 AM - edited 03-12-2019 05:42 PM
Having some trouble with a tacacs config..
I can SSH into my 3560 switch with a tacacs configured username / password but commands like write mem or dir display an error message.
The command 'write <cr>' is not authorized for user [username] and client [ip addr]
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
Solved! Go to Solution.
04-04-2014 10:29 AM
Hi Rob,
As everything is Tacacs+ specific.
If the command is not being authorized, this has be checked on the Tacacs+ server.
What is the Tacacs+ server that you are using?
Regards
Ed
04-04-2014 10:29 AM
Hi Rob,
As everything is Tacacs+ specific.
If the command is not being authorized, this has be checked on the Tacacs+ server.
What is the Tacacs+ server that you are using?
Regards
Ed
04-04-2014 11:09 AM
tacacs.net is the software.
I'm digging through the documentation, but its quite lousy IMHO.
I'll start troubleshooting this from a server authorization perspective, I just found I can rename the authorization.xml to authorization.xml.old. I've tested and now I have full control over commands.
Looks like I'll have to tweak this list of commands / permissions and rename again get this working.
Thanks for pointing me in the right direction.
-Rob
04-04-2014 11:26 AM
Great !
Please mark the answer as resolved so others can take guidance with the same type of issue.
Regards
Ed
12-06-2018 09:46 PM
Hi,
I am also facing same problem. I have done all the steps as you provided in your post but same problem. When i tried to use scp with aaa tacacs server.
12-06-2018 09:50 PM
Hi,
How to check scp command authorization on ACS tacacs server.
12-06-2018 09:53 PM
Hi,
How to check scp command authorization on ACS tacacs server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: