04-03-2014 02:15 PM - edited 03-10-2019 09:36 PM
Hi, I have configured the ACS 5.5 following a number of documents, the last one being a support forum doc, "How to Configure tacacs Authentication and Authorization for Admin and non-Admin users in ACS 5.1", yet each time when I login to the Cisco device, it logs me directly into user exec mode and not priv exec.
I am sure I had it working earlier but it is no longer working. Any ideas anyone?
The Designer Shell profile has the following configured with the 2 privilege settings as 15.
Service selection rules:
The Device Authorisation Policy is as follows;
The cisco AAA commands are;
aaa new-model
aaa authentication login default group tacacs+ line enable
aaa authentication enable default group tacacs+ line enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+