Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2211
Views
0
Helpful
6
Replies

Not able enter enable mode, command authoizaton failed

Ramesh M
Level 1
Level 1

‎11-06-2013 04:17 AM - edited ‎03-10-2019 09:04 PM

Hi,

Please fidn the pix device configurations.

sh privilege

privilege show level 5 command cpu

privilege show level 5 command running-config

privilege show level 5 command local-host

privilege show level 5 command memory

privilege show level 5 command conn

privilege show level 5 command xlate

privilege show level 5 command pager

privilege show level 5 mode configure command configure

privilege show level 5 command failover

privilege configure level 5 command ping

privilege show level 5 command interface

privilege show level 5 command arp

privilege configure level 5 command pager

privilege clear level 5 command pager

privilege configure level 5 command write

privilege configure level 5 mode configure command configure

privilege configure level 5 mode enable command configure

privilege configure level 5 mode enable command enable

privilege configure level 5 mode configure command enable

privilege show level 5 mode configure command enable

sh aaa

aaa authentication ssh console TACACS+ LOCAL

aaa authentication telnet console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

aaa authentication serial console TACACS+ LOCAL

aaa authorization command TACACS+ LOCAL

sh username

username test password cGVh1Wzc/rOjv82wsd encrypted privilege 5

sh version

Cisco PIX Firewall Version 6.3(4)

Cisco PIX Device Manager Version 3.0(2)

Error result , but we are able to login enable mode with privilege level 15.

login as: test

Sent username "test"

test@x.x.x.x's password:

Type help or '?' for a list of available commands.

PIX>

PIX> en

Command authorization failed

PIX>

Awaiting urs response and help here...

Regards / Ramesh M

Labels:
0 Helpful
6 Replies 6

Ramesh M
Level 1
Level 1

‎11-06-2013 07:11 AM

Hi,

Not able to enter enable mode by Privilege  level 5 users.

But privilege level 15 users are able to enter enable mode.

Error messge displayed.. Authorization failed for privilege level 5 users

Regards / Ramesh M

0 Helpful

Peter Koltl
Level 7
Level 7
In response to Ramesh M

‎11-06-2013 10:25 AM

Try

enable 5

and

show curpriv

0 Helpful

Ramesh M
Level 1
Level 1
In response to Peter Koltl

‎11-06-2013 08:14 PM

Hi,

Its no successfull,

I am getting below error

PIX> enable 5

Command authorization failed

PIX> show curpriv

Username : test

Current privilege level : 1

Current Mode/s : P_UNPR

PIX>

But test user has been created with privilege level 5

PIX# sh username

username test password cGVh1Wzc/rOjv8Lo encrypted privilege 5

Regards / Ramesh M

0 Helpful

Peter Koltl
Level 7
Level 7
In response to Ramesh M

‎11-07-2013 12:32 PM 

aaa authorization command TACACS+ LOCAL

What about TACACS? If it's a local user, why do you set authorization to TACACS+ primarily?

0 Helpful

Ramesh M
Level 1
Level 1
In response to Peter Koltl

‎11-07-2013 06:00 PM

Hi Peter,

we have configured TACACS+ As well. some of the local users are created for login with read only access.

If I configure the TACACS+, is the local privilege level authorization will work. ?

Moreover the readonly users in the TACACS+ alo gettting the same command authorization error.

Regards / Ramesh M

0 Helpful

sahseth
Level 1
Level 1

‎11-18-2013 12:05 PM

Hello,

Please try below debug commands and share failure logs you are getting:

[no] debug aaa [authentication | authorization| accounting | internal]

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents