Hi,
I have configure the ASA with AAA. It was doing the AAA authentication but as soon I have enter the command “aaa authorization command TACACS+ LOCAL”, I am able to login, but unable to run “show run, conf t, ping” commands. When I enter these commands I am getting below error messages. Attached are the ACS 4.2 configurations screen shoots.
Error Message:
ciscoasa(config)# ping 192.168.56.1
Command authorization failed
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# conf t
Command authorization failed
ciscoasa(config)# sh run
Command authorization failed
ciscoasa(config)#
Below is the AAA configuration on the ASA.
username user1 password user123 privilege 15
enable secret password2
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (inside) host 192.168.56.10
timeout 6
key Abc123#
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
!
aaa authorization command TACACS+ LOCAL when I have configure this command, I start getting error message that “Command Authorization Failed”
!
aaa accounting enable console TACACS+
aaa accounting ssh console TACACS+
Please advise that how I can now resolve this issue.
Thanks