Tacacs+ config help

robprescott
Level 1

Having some trouble with a tacacs config.

I can SSH into my 3560 switch with a tacacs configured username / password but commands like write mem or dir display an error message.

The command 'write <cr>' is not authorized for user [username] and client [ip addr] 

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
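
How the command-authorization method lists in the configuration above are evaluated, as an added example that is not part of the original post. The function names are hypothetical, and the fallback model (the next method is tried only when the current one returns an error) is a simplified assumption about IOS behaviour.

```python
import re

# Constructed sample: the AAA lines quoted in the post above.
CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
"""

CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) (\S+) (.+)$")

def split_methods(text):
    """Split 'group tacacs+ if-authenticated' into its two methods."""
    tokens, methods = text.split(), []
    while tokens:
        take = 2 if tokens[0] == "group" else 1  # 'group <name>' is one method
        methods.append(" ".join(tokens[:take]))
        tokens = tokens[take:]
    return methods

def command_authz(config):
    """Map privilege level -> ordered methods of the 'default' list."""
    lists = {}
    for line in config.splitlines():
        m = CMD_AUTHZ.match(line.strip())
        if m and m.group(2) == "default":
            lists[int(m.group(1))] = split_methods(m.group(3))
    return lists

def decided_by(methods, server_reachable=True):
    """Return the method that gives the verdict for a command.

    The next method is tried only when the current one returns an error
    (for example, no TACACS+ server answers). A server that answers with
    a deny ends the evaluation, so if-authenticated is never consulted.
    """
    for method in methods:
        if method.startswith("group ") and not server_reachable:
            continue  # error, not a deny: fall through to the next method
        return method
    return None  # every method errored, so authorization fails
```

With the server reachable, `decided_by(command_authz(CONFIG)[15])` returns `group tacacs+`: the "not authorized" message reflects the server's own authorization rules, and `if-authenticated` only applies when no server responds.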

1 Accepted Solution


edwjames
Level 3

Hi Rob,

As everything is Tacacs+ specific.

If the command is not being authorized, this has to be checked on the Tacacs+ server.

What is the Tacacs+ server that you are using?

Regards

Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed

tacacs.net is the software. 

I'm digging through the documentation, but it's quite lousy IMHO.

I'll start troubleshooting this from a server authorization perspective, I just found I can rename the authorization.xml to authorization.xml.old. I've tested and now I have full control over commands.

Looks like I'll have to tweak this list of commands / permissions and rename again to get this working.

Thanks for pointing me in the right direction.

-Rob

Great !

Please mark the answer as resolved so others can take guidance with the same type of issue.

 

Regards

Ed


Hi,

I am also facing the same problem. I have done all the steps as you provided in your post but have the same problem when I tried to use scp with aaa tacacs server.

 

Hi, 

How to check scp command authorization on ACS tacacs server. 
