Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
957
Views
0
Helpful
8
Replies

% Authorization failed. error

Shadow_200
Level 1
Level 1

‎06-08-2023 02:59 AM

I have 9600 core switch on which I am getting "% Authorization failed." error.

Only sh run and sh logging output i am receiving.

Please find the AAA configuration below.

aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login userauthen local
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization network groupauthor local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

 

Please suggets the solution

Labels:
0 Helpful
8 Replies 8

MHM Cisco World
VIP
VIP

‎06-08-2023 03:06 AM

are you auth via tacacs username/password or via local ?

0 Helpful

Shadow_200
Level 1
Level 1
In response to MHM Cisco World

‎06-08-2023 03:30 AM

Via Tacacs

0 Helpful

MHM Cisco World
VIP
VIP
In response to Shadow_200

‎06-08-2023 03:38 AM 

Router# show tacacs  <<- share this
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎06-09-2023 12:25 AM

Is this a problem for all users, or is it a problem for some users but other users work ok?

HTH

Rick
0 Helpful

Shadow_200
Level 1
Level 1
In response to Richard Burts

‎06-09-2023 01:28 AM

for all users

0 Helpful

Shadow_200
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2023 01:28 AM

#sh tacacs
% Authorization failed.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Shadow_200

‎06-09-2023 01:47 AM 

debug aaa authorization

debug tacacs

please share these two debug when issue appear 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to MHM Cisco World

‎06-10-2023 12:15 PM

As I read through the discussion again I have a few questions and suggestions:

- am I understanding the original post correctly that you can successfully do show run and show logging but that all other commands get the authorization error?

- assuming that this is true for your ID what do other user IDs experience? Are they able to show run and show log? Are there any other commands that they can execute?

- the posted partial config indicates that accounting is enabled. Are any accounting records being generated?

- If you can do show log on the switch are there any log records generated that shed light on this issue?

- are there any log entries on the tacacs server that shed light on this issue?

- if you are successful in some commands but fail on other commands I suggest that it is less likely an issue on the switch and more likely an issue in the tacacs server. Can you verify the parameters for your user ID in the tacacs server?

- has this ever worked on this switch? Or is this a new switch install? If it is a new install you might want to verify all the parameters in tacacs about this device.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card