09-06-2016 04:04 AM - edited 03-11-2019 12:03 AM
Hello experts
I have a Windows 2012 Radius server setup for my ASA(ver 9.4). First I used service type NAS Prompt, then when tested on the ASA against the Radius server, authentication was successful, but authorization failed, error authorization rejected: AAA failed.
Then I changed Radius to use service-type LOGIN, then test on ASA was successful for both authorization and authentication, but when I used aaa authorization
Can someone please give me a guild of how to use WIN Radius server for ASA authorization(not authentication)?
thanks a lot.
03-30-2017 01:09 PM
Similar issue here. I had a working AAA configuration with RADIUS and Win 2012 on IOS 9.1.6. I just upgraded to 9.4.4 and it stopped working. I found that if I disable aaa authorization entirely, the authentication and accounting pieces work.
Also of interest is ssh to the CLI never stopped working with all three "AAA's" configured. This only impacted http (ASDM). Bug in 9.4?
04-02-2017 01:47 PM
Hello,
Have you found solution for this issue?
Thank you,
Gabor
05-04-2017 12:22 PM
Same issue here, too. Running ASA 9.5(2) and ASDM 7.7(1)151.
Also, I'm using service-type ADMINISTRATIVE. This was the only setting that would give me automatic authorization (to enable mode) in SSH. When logging into ASDM, it will authenticate but fails the authorization.
No resolution found yet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide