Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
4
Replies

Prime 1.4 - no aaa authentication tacacs+ server

Flavio Miranda
VIP
VIP

‎04-16-2015 01:38 PM - edited ‎07-05-2021 02:57 AM

Anybody know the equivalent command "no aaa authentication tacacs+ server" on PI 1.4. I saw this command on PI 2.2 but I can´t find something similar on 1.4.

 

Thanks in advanced.

Labels:
0 Helpful
4 Replies 4

gohussai
Level 4
Level 4

‎04-17-2015 12:01 PM

Check the following Command line manual for PI 1.4

 

http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/1-4/command/reference/cli14.html

Apart from that I found this ,let me know if it helps.

 


Select a command

    Add TACACS+ Server—See the “Add TACACS+ Server” section.
    Delete TACACS+ Server—Select a server or servers to be deleted, select this command, and click Go to delete the server(s) from the database.

Add TACACS+ Server

Choose Administration > AAA > TACACS+ from the left sidebar menu to access this page. From the Select a command drop-down list choose Add TACACS+ Server , and click Go to access this page.

This page allows you to add a new TACACS+ server to Prime Infrastructure.

    Server Address—IP address of the TACACS+ server being added.
    Port—Controller port.
    Shared Secret Format—ASCII or Hex.
    Shared Secret—The shared secret that acts as a password to log in to the TACACS+ server.
    Confirm Shared Secret—Reenter TACACS+ server shared secret.
    Retransmit Timeout—Specify retransmission timeout value for a TACACS+ authentication request.
    Retries—Number of retries allowed for authentication request. You can specify a value between 1 and 9.
    Authentication Type—Two authentication protocols are provided. Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

Command Buttons

    Submit
    Cancel

Note • Enable the TACACS+ server with the AAA Mode Settings. See the “Configuring AAA Mode” section.

    You can add only three servers at a time in Prime Infrastructure.

 

 

0 Helpful

Flavio Miranda
VIP
VIP
In response to gohussai

‎04-17-2015 12:10 PM

Thanks.

  I did not explain the whole story but the fact is I got locked out of web interface. I restored a backup from a server which has TACACS and now I need to disable or change to local auth from CLI.

 I saw that PI 2.2 has the aaa auth command but I cant find anything similar to PI 1.4.

The command manual does not helped too much. I appreciate any help.

0 Helpful

Flavio Miranda
VIP
VIP

‎04-22-2015 09:48 AM

Hi everyone,

 

 I'm answering this question according to Cisco TAC. If you backup/restore a database from a previous server which has TACACS configured, the new server will have it as well. 

 Most probably, the new server will not have access to the TACACS yet  thus you loss access to the web interface. The default auth sequence is TACACS and then Local user. But local user will fail until you change the root password using the following command:

ncs password root password <new-password>

That's it and that's all.

 

PS..This also works for PI 2.2.

 

0 Helpful

gohussai
Level 4
Level 4
In response to Flavio Miranda

‎04-22-2015 11:41 AM

This is the Lastest update from Cisco. and its BUG:CSCup93100 on PI 2.2

 

Administrative users of Prime Infrastructure's command line interface who are being externally authenticated by TACACS need to also have an account local to Prime Infrastructure for authentication to succeed.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card