ACS 5.4 personalised enable password on ASA login

Kai Onken · ‎04-21-2013

Hello,

is it possible to set an personalised Tacacs enable password, when a user tries to login to an ASA? This works fine with routers and switches. At the moment I've to use the $enab15$ password.

Sample:

$enab15$ = TEST1234

Device	Username	Login	Enable
Switch e.g. 2960	user-1	1234QWer	0987POiu
	user-2	asdf$567	MNbC321
Router e.g 3945	user-1	1234QWer	0987POiu
	user-2	asdf$567	MNbC321
ASA e.g. 5510	user-1	1234QWer	$enab15$
	user.2	asdf$567	$enab15$

The second problem is, that I need the $enab15$ password to login the WebGUI/ASDM is there also a solution to use custom password or to use the personalised Tacacs enable password?

Kind Regards

Kai

Kai Onken · ‎04-26-2013

Hello,

I solved the problem by myselft. You've to create a rule for ASA usage only. To this rule you have to bind a shell profile which provides you with a default level of 15 and a maximum level of 15. Now it is possible to use a coustom enable password.

Kind Regards

Kai

Marvin Rhoads · ‎04-26-2013

Thanks for letting us know the solution! +5

Kai Onken · ‎04-27-2013

Hello Marvin,

Thank for the rating. I hate those topics by myself, which looks like this:

Person 1: I've the following problem......

e.g. me: Ah, that's also my problem....

Person 1: Fixed it, close the topic please....

e.g. me: And now? How did you fix it?

Kind Regard