04-16-2015 01:38 PM - edited 07-05-2021 02:57 AM
Anybody know the equivalent command "no aaa authentication tacacs+ server" on PI 1.4. I saw this command on PI 2.2 but I can´t find something similar on 1.4.
Thanks in advanced.
04-17-2015 12:01 PM
Check the following Command line manual for PI 1.4
http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/1-4/command/reference/cli14.html
Apart from that I found this ,let me know if it helps.
Select a command
Add TACACS+ Server—See the “Add TACACS+ Server” section.
Delete TACACS+ Server—Select a server or servers to be deleted, select this command, and click Go to delete the server(s) from the database.
Add TACACS+ Server
Choose Administration > AAA > TACACS+ from the left sidebar menu to access this page. From the Select a command drop-down list choose Add TACACS+ Server , and click Go to access this page.
This page allows you to add a new TACACS+ server to Prime Infrastructure.
Server Address—IP address of the TACACS+ server being added.
Port—Controller port.
Shared Secret Format—ASCII or Hex.
Shared Secret—The shared secret that acts as a password to log in to the TACACS+ server.
Confirm Shared Secret—Reenter TACACS+ server shared secret.
Retransmit Timeout—Specify retransmission timeout value for a TACACS+ authentication request.
Retries—Number of retries allowed for authentication request. You can specify a value between 1 and 9.
Authentication Type—Two authentication protocols are provided. Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
Command Buttons
Submit
Cancel
Note • Enable the TACACS+ server with the AAA Mode Settings. See the “Configuring AAA Mode” section.
You can add only three servers at a time in Prime Infrastructure.
04-17-2015 12:10 PM
Thanks.
I did not explain the whole story but the fact is I got locked out of web interface. I restored a backup from a server which has TACACS and now I need to disable or change to local auth from CLI.
I saw that PI 2.2 has the aaa auth command but I cant find anything similar to PI 1.4.
The command manual does not helped too much. I appreciate any help.
04-22-2015 09:48 AM
Hi everyone,
I'm answering this question according to Cisco TAC. If you backup/restore a database from a previous server which has TACACS configured, the new server will have it as well.
Most probably, the new server will not have access to the TACACS yet thus you loss access to the web interface. The default auth sequence is TACACS and then Local user. But local user will fail until you change the root password using the following command:
ncs password root password <new-password>
That's it and that's all.
PS..This also works for PI 2.2.
04-22-2015 11:41 AM
This is the Lastest update from Cisco. and its BUG:CSCup93100 on PI 2.2
Administrative users of Prime Infrastructure's command line interface who are being externally authenticated by TACACS need to also have an account local to Prime Infrastructure for authentication to succeed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide