01-21-2011 11:10 AM - edited 03-06-2019 03:07 PM
I'm having issues with aaa authorization on Cisco 6509/6513; however, it's working fine on my Cisco 4948.
I have the following configured on the 6509, straightforward:
aaa authentication login default group radius enable
aaa authorization exec default group radius if-authenticated
When I telnet to the Cisco 6509 or 6513 I get:
Username: admin
Password: ****
Authorization failed
If I remove "aaa authorization exec default group radius if-authenticated", it defaults to user exec:
======================
Username: admin
Password: ****
Password: ******
C6513_NY>
======================
Here is info on my Cisco 6509:
IOS: c6sup22-jsv-mz.121-26.E7.bin
Cisco WS-C6509
Let me know if I can get aaa authorization working, got to have a policy that authenticates to privilege exec mode.
-MN
01-25-2011 08:38 AM
Debug output:
31w2d: AAA: parse name=tty2 idb type=-1 tty=-1
31w2d: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
31w2d: AAA/MEMORY: create_user (0x44344CF4) user='' ruser='' port='tty2' rem_addr='192.168.166.250' authen_type=ASCII service=LOGIN priv=1
31w2d: AAA/AUTHEN/START (1964255498): port='tty2' list='' action=LOGIN service=LOGIN
31w2d: AAA/AUTHEN/START (1964255498): using "default" list
31w2d: AAA/AUTHEN/START (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = GETUSER
31w2d: AAA/AUTHEN/CONT (1964255498): continue_login (user='(undef)')
31w2d: AAA/AUTHEN (1964255498): status = GETUSER
31w2d: AAA/AUTHEN (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = GETPASS
31w2d: AAA/AUTHEN/CONT (1964255498): continue_login (user='Admin')
31w2d: AAA/AUTHEN (1964255498): status = GETPASS
31w2d: AAA/AUTHEN (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = PASS
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): Port='tty2' list='' service=EXEC
31w2d: AAA/AUTHOR/EXEC: tty2 (4085001239) user='Admin'
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): send AV service=shell
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): send AV cmd*
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): found list "default"
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): Method=radius (radius)
31w2d: AAA/AUTHOR (4085001239): Post authorization status = FAIL
31w2d: AAA/AUTHOR/EXEC: Authorization FAILED
31w2d: AAA/MEMORY: free_user (0x44344CF4) user='Admin' ruser='' port='tty2' rem_addr='192.168.166.250' authen_type=ASCII service=LOGIN priv=1
-MN