08-22-2007 11:44 PM - edited 03-10-2019 03:21 PM
Hello, i wonder how could i get accounting of who get in asa n what have he done to asa.
I already input :
aaa accounting command <group>
aaa accounting enable console <group>
aaa accounting telnet console <group>
And i can see who login in tacac+ accounting.
But i can't see who have input command in tacac+ administration. I just see enable_15 as the username.
08-23-2007 05:02 AM
Chris,
You need to add this command,
aaa authentication enable console
That should fix the issue.
~Regards
~JG
08-24-2007 12:25 AM
i've tried to add that command, but after that no one can login. I have to block asa connection to ACS so it could revert to local authentication.
Is there any solution?
08-24-2007 04:09 AM
whenever we do enable authentication, you also need to, on ACS on user accounts , check the appropriate option for "TACACS+ Enable Password"
under "Advanced TACACS+ Settings"
By default its, "Use separate password" which is blank.
So if your user account is local on ACS use "Use CiscoSecure PAP password" or if you are being authenticated from some external database check "Use external database password".....
If you are not able to see the option, the enable it from Interface Configuration > Advanced Option section.
then you'll be able to log into enable mode, and see who made the changes in the logs.
Regards,
Prem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide