ASA enable password is still local when enabling radius server via SSH

faghouri83 · ‎06-24-2024

Hi I enabled radius authentication via the asdm to our nps server. The username and password works however when prompting for the password again for enable mode, it gives me an error. I then have to use the old local enable password to get into the mode. Is there an easy way to fix this in the asdm so that the same password allows you to get into enable mode too?

Thanks

MHM Cisco World · ‎06-24-2024

Can I see the confi of aaa server in asa

MHM

balaji.bandi · ‎06-25-2024

Make sure the user in Priv 15 mode - check below guide :

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html#anc6

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

faghouri83 · ‎06-25-2024

aaa-server NPS_Servers (inside) host 10.171.xx.27
key *****
aaa-server NPS_Servers (inside) host 10.171.xx.28
key *****
user-identity default-domain LOCAL
aaa authentication ssh console NPS_Servers LOCAL
aaa authentication login-history

Balaji the NPS server works for other devices on the network including other asa firewalls.

MHM Cisco World · ‎06-25-2024

Debug aaa comm 10

Check if the aaa send anything to aaa server when you try to access asa.

It can the asa dont any connection to aaa and use local and if that correct then you need to specify privilege 15.

But let check aaa first

MHM

balaji.bandi · ‎06-25-2024

Balaji the NPS server works for other devices on the network including other asa firewalls.

If this is the only firewall not working, i would compare working vs not working config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help