Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
5
Helpful
1
Replies

AAA auth with ip http server not working

markusmaximus
Level 1
Level 1

‎04-18-2007 05:19 AM - edited ‎03-10-2019 03:06 PM

Hi all,

I am unable to get ip http server to authenticate against tacacs. attached is the debug output when logging in with the user "mark".

Router config:

aaa new-model

aaa authentication login default group tacacs+ local enable

aaa authentication login ALREADY-IN none

aaa authentication login web group tacacs+ local enable

aaa authorization exec web group tacacs+ local if-authenticated

aaa session-id common

ip http server

ip http authentication aaa login-authentication web

ip http authentication aaa exec-authorization web

the priv-lvl 15 attribute is being sent, but IP HTTP Auth fails.. any ideas why?

Cheers,

Mark

Update: Fixed it! I believe the access-enable autocommand was the cause!

Labels:
Preview file
4 KB
0 Helpful
1 Reply 1

Vivek Santuka
Cisco Employee
Cisco Employee

‎04-19-2007 05:46 AM

Hi,

I have seen that additional attributes such as "access-enable timeout 1920" would not allow http authentication to work with certain IOS versions.

Regards,

Vivek

Customers Also Viewed These Support Documents