From: Jensen, Brian D. (bdjensen@eschelon.com)
Date: Thu May 15 2003 - 21:33:12 GMT-3
Hi Anthony,
Looks like you're missing the "aaa authentication enable" command. You have
the "exec" command. Just a thought...
Brian
> -----Original Message-----
> From: Anthony Pace [SMTP:anthonypace@fastmail.fm]
> Sent: Thursday, May 15, 2003 1:30 PM
> To: ccielab@groupstudy.com
> Subject: Off Topic: LINUX TACACS vs. Cisco Secure ACS
>
> I just built the Cisco Free LINUX TACACS server and it seems to
> authenticate great but gives me %error in authentication when I try to
> jump to ENABLE. I have tried several iterations on the NAS routers to no
> avail. Is there a good LINUX TACACS newsgroup that anyone knows of? I
> know this is not really CCIE subject matter.
>
> My TACACS config file:
>
> key = mykey
> user = $enabl15$ {
> login = cleartext "jumptoen"
> {
> user = tony {
> default service = permit
> login = clear text "mypass"
> }
> accounting file = acct
>
> MY ROUTER CONFIGS
> IOS VERSION 12.0
> aaa new-model
> aaa authentication banner ^C !!! TACACS+ must be down so call Tony Pace
> @ (949)533-2452 for the ^C
> aaa authentication login default tacacs+ enable
> aaa authorization console
> aaa authorization exec default tacacs+ if-authenticated
> aaa authorization commands 1 default tacacs+ if-authenticated
> aaa authorization commands 15 default tacacs+ if-authenticated
> aaa accounting commands 1 default start-stop tacacs+
> aaa accounting commands 15 default start-stop tacacs+
>
> interface Loopback999
> ip address 1.0.245.13 255.255.255.255
>
> ip tacacs source-interface Loopback999
>
> tacacs-server host 1.0.0.10
> tacacs-server timeout 3
> tacacs-server key zzzzzzz
>
> IOS VERSION 12.1
> aaa new-model
> aaa authentication banner ^C !!!TACACS+ must be down so call Tony Pace
> @ (949)533-2452 for the ^C
> aaa authentication login default group tacacs+ enable
> aaa authorization console
> aaa authorization config-commands
> aaa authorization exec default group tacacs+ if-authenticated
> aaa authorization commands 15 default group tacacs+ if-authenticated
> aaa accounting commands 1 default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
> !
> interface Loopback999
> ip address 1.0.245.13 255.255.255.255
> !
> ip tacacs source-interface Loopback999
> !
> tacacs-server host 1.0.0.10
> tacacs-server timeout 3
> tacacs-server key zzzzzzz
>
> !
>
>
> Anthony Pace
>
>
>
>
> --
> Anthony Pace
> anthonypace@fastmail.fm
>
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:43 GMT-3
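
The check suggested in the reply above can be automated. The following is an added example, not code from either poster: it scans an IOS configuration for the default AAA method lists and reports when login goes to TACACS+ but no enable list does. The function names `method_lists` and `check_enable` are hypothetical, the sample configs are constructed from the quoted ones, and the suggested line assumes the same `enable` fallback keyword the posted login lists use.

```python
import re

# Constructed sample inputs, trimmed from the two router configs quoted above.
IOS_12_0 = """\
aaa new-model
aaa authentication login default tacacs+ enable
aaa authorization exec default tacacs+ if-authenticated
tacacs-server host 1.0.0.10
"""
IOS_12_1 = """\
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
tacacs-server host 1.0.0.10
"""

# Matches only "default" method lists such as "aaa authentication login default ..."
AAA_RE = re.compile(r"^aaa (authentication|authorization) (\S+) default (.+)$")

def method_lists(config):
    """Map (kind, service) -> list of methods for every default AAA list."""
    lists = {}
    for line in config.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted configs
        m = AAA_RE.match(line)
        if m:
            lists[(m.group(1), m.group(2))] = m.group(3).split()
    return lists

def check_enable(config):
    """Return (ok, message) for the enable-authentication method list."""
    lists = method_lists(config)
    login = lists.get(("authentication", "login"), [])
    enable = lists.get(("authentication", "enable"))
    if "tacacs+" not in login:
        return True, "login does not use TACACS+; nothing to compare"
    if enable and "tacacs+" in enable:
        return True, "enable is authenticated via TACACS+"
    # Suggest the line in the same syntax generation as the login list
    # (12.1 uses "group tacacs+", 12.0 uses bare "tacacs+").
    group = "group " if "group" in login else ""
    fix = f"aaa authentication enable default {group}tacacs+ enable"
    return False, f"no TACACS+ enable list; candidate line: {fix}"

if __name__ == "__main__":
    for name, cfg in (("12.0", IOS_12_0), ("12.1", IOS_12_1)):
        print(name, check_enable(cfg))
```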