Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1328
Views
0
Helpful
0
Comments

The CiscoSecure ACS for Windows 4.0 displays the cs user unknown error message when a separate TACACS+ enable password is configured

TCC_2
Level 10
Level 10

‎06-22-2009 05:28 PM - edited ‎02-21-2020 09:56 PM

Core issue

This problem occurs due to the presence of Cisco bug ID CSCsd86017.

The enable password for TACACS+ fails to authenticate if these conditions are met:

  1. The Use Separate Password option is set explicitly.
     
  2. An external authentication source (for example, Windows) is used.

Users can log in but when the enable command is issued, authentication fails, and the Failed Attempts log displays the cs user unknown error message.

Resolution

As a workaround, set the enable password to the Windows password. Alternatively, use the CiscoSecure Password Authentication Protocol (PAP) password.

Note: The CiscoSecure PAP password automatically blanks out and effectively becomes the Windows password.

A separate enable password for TACACS+ works well in CiscoSecure ACS version 3.3.3 and earlier. This problem occurs with CiscoSecure ACS version 4.0(1.27).

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents