Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1655
Views
0
Helpful
6
Replies

AAA Authorization not working.

altaf.shah
Level 1
Level 1

‎01-11-2011 02:01 AM - edited ‎03-10-2019 05:42 PM

Hi,

Currently i am configuring aaa authorization on asa 8.0, but when i enter the command "# aaa authorization command CSACS"

The current session then goes to unauthorized. and i am totally out from console. i cannot do anything.

What ever i try it says. Command Authorization Failed. Authentication is working fine.

Support Appriciated.

Labels:
0 Helpful
6 Replies 6

Dan-Ciprian Cicioiu
Level 7
Level 7

‎01-11-2011 02:07 AM

Hi ,

try to reconnect.

If you are connected without a user, or a user that is not on the ACS , after entering "aaa authorization" the equipment will send authorization requests to ACS , and the ACS will deny the request , the user being invalid.

Dan

0 Helpful

altaf.shah
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎01-11-2011 02:13 AM

The user is currently in ACS, as the authentication is working fine. i am configuring using the AAA authenticated user.

Still same prob.

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to altaf.shah

‎01-11-2011 02:37 AM

Hi Syed,


Once you issue command authorization it will surely give you "Command authorization" error unless you have special privileges on ACS to run the commnads.


Please follow the steps in the below listed links.


ACS side configuration


Privilege for Read-Write Access or Full Access
http://tools.cisco.com/squish/7cd88

Associate the Shell Command Authorization Set (ReadWrite Access) to User Group (Admin Group)
http://tools.cisco.com/squish/2f128


Hope this helps.


Rgds,

Jatin


~Do rate helpful posts-

~Jatin
0 Helpful

altaf.shah
Level 1
Level 1
In response to Jatin Katyal

‎01-11-2011 02:41 AM

Dear jkatyal
Yes i did the configuration in ACS following the same tutorial, and also Pix commands authorization set. but none working.
Even when i try to login from Console. it says Command Authorization Failed.
Getting the same error for every user.

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to altaf.shah

‎01-11-2011 02:47 AM

You shouldn't use PIX command authorization set and it doesn't work. Please revert to shell command authorization set. I am positive it will fix the issue.


Regards,

Jatin


Do rate helpful posts-

~Jatin
0 Helpful

altaf.shah
Level 1
Level 1
In response to Jatin Katyal

‎01-11-2011 02:55 AM

Thanks for your help

But the Problem still there... Authorization not working.

is there anything i am missing?

hereis my config

Defined tacacs+ server group CSACS

Given IP Address of server + Key

and

aaa authentication ssh console CSACS LOCAL

aaa authorization command CSACS

Authentication working fine. but when i enter Authorization thats it...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents