RE: Off Topic: LINUX TACACS vs. Cisco Secure ACS

From: Anthony Pace (anthonypace@fastmail.fm)
Date: Fri May 16 2003 - 20:49:37 GMT-3


Brian,

You are correct! I did not need "aaa auth enable" with Cisco ACS because
it tied everything to the user/group privilege level. It seems very
important when using the LINUX TACACS.
Thanx.

Anthony Pace

On Thu, 15 May 2003 19:33:12 -0500, "Jensen, Brian D."
<bdjensen@eschelon.com> said:
> Hi Anthony,
>
> Looks like you're missing the "aaa authentication enable" command. You
> have the "exec" command. Just a thought...
>
> Brian
>
> > -----Original Message-----
> > From: Anthony Pace [SMTP:anthonypace@fastmail.fm]
> > Sent: Thursday, May 15, 2003 1:30 PM
> > To: ccielab@groupstudy.com
> > Subject: Off Topic: LINUX TACACS vs. Cisco Secure ACS
> >
> > I just built the Cisco Free LINUX TACACS server and it seems to
> > authenticate great but gives me %error in authentication when I try to
> > jump to ENABLE. I have tried several iterations on the NAS routers to no
> > avail. Is there a good LINUX TACACS newsgroup that anyone knows of? I
> > know this is not really CCIE subject matter.
> >
> > My TACACS config file:
> >
> > key = mykey
> > user = $enabl15$ {
> > login = cleartext "jumptoen"
> > {
> > user = tony {
> > default service = permit
> > login = clear text "mypass"
> > }
> > accounting file = acct
> >
> > MY ROUTER CONFIGS
> > IOS VERSION 12.0
> > aaa new-model
> > aaa authentication banner ^C !!! TACACS+ must be down so call Tony Pace
> > @ (949)533-2452 for the ^C
> > aaa authentication login default tacacs+ enable
> > aaa authorization console
> > aaa authorization exec default tacacs+ if-authenticated
> > aaa authorization commands 1 default tacacs+ if-authenticated
> > aaa authorization commands 15 default tacacs+ if-authenticated
> > aaa accounting commands 1 default start-stop tacacs+
> > aaa accounting commands 15 default start-stop tacacs+
> >
> > interface Loopback999
> > ip address 1.0.245.13 255.255.255.255
> >
> > ip tacacs source-interface Loopback999
> >
> > tacacs-server host 1.0.0.10
> > tacacs-server timeout 3
> > tacacs-server key zzzzzzz
> >
> > IOS VERSION 12.1
> > aaa new-model
> > aaa authentication banner ^C !!!TACACS+ must be down so call Tony Pace
> > @ (949)533-2452 for the ^C
> > aaa authentication login default group tacacs+ enable
> > aaa authorization console
> > aaa authorization config-commands
> > aaa authorization exec default group tacacs+ if-authenticated
> > aaa authorization commands 15 default group tacacs+ if-authenticated
> > aaa accounting commands 1 default start-stop group tacacs+
> > aaa accounting commands 15 default start-stop group tacacs+
> > !
> > interface Loopback999
> > ip address 1.0.245.13 255.255.255.255
> > !
> > ip tacacs source-interface Loopback999
> > !
> > tacacs-server host 1.0.0.10
> > tacacs-server timeout 3
> > tacacs-server key zzzzzzz
> >
> > !
> >
> >
> > Anthony Pace
> >
> >
> >
> >
> > --
> > Anthony Pace
> > anthonypace@fastmail.fm
> >
>

-- 
  Anthony Pace
  anthonypace@fastmail.fm
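
The check discussed in this thread, as an added example that is not part of either poster's message nor code from Cisco or the tac_plus project: a small Python audit that flags an IOS AAA config which sends logins to TACACS+ but has no `aaa authentication enable` method list, and a daemon config with no enable pseudo-user. The function names and sample configs are constructed for illustration; the `$enab<n>$` / `$enable$` user naming follows the tac_plus user guide and is assumed to apply to the daemon build in use.

```python
import re

# Constructed samples modelled on the configs quoted in this thread.
IOS_12_1 = """\
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
tacacs-server host 1.0.0.10
"""
IOS_FIXED = IOS_12_1 + "aaa authentication enable default group tacacs+ enable\n"

TAC_PLUS = """\
key = mykey
user = $enabl15$ {
    login = cleartext "jumptoen"
}
user = tony {
    default service = permit
    login = cleartext "mypass"
}
"""

def audit_ios(config):
    """Findings for a router config whose login authentication uses TACACS+."""
    lines = [l.strip() for l in config.splitlines()]
    uses_tacacs = any(
        re.match(r"aaa authentication login \S+ .*tacacs\+", l) for l in lines)
    enable_lists = [l for l in lines if l.startswith("aaa authentication enable ")]
    findings = []
    if uses_tacacs and not enable_lists:
        findings.append("no 'aaa authentication enable' method list")
    elif uses_tacacs and not any("tacacs+" in l for l in enable_lists):
        findings.append("enable method list does not reference tacacs+")
    return findings

def audit_tac_plus(config, level=15):
    """Findings for the daemon config: is an enable pseudo-user defined?"""
    users = set(re.findall(r"^\s*user\s*=\s*(\S+)", config, re.M))
    wanted = {"$enab%d$" % level}
    if level == 15:
        wanted.add("$enable$")  # legacy name the daemon also tries (assumption)
    if wanted & users:
        return []
    return ["no enable user; expected one of " + ", ".join(sorted(wanted))]

if __name__ == "__main__":
    for name, result in (("IOS 12.1", audit_ios(IOS_12_1)),
                         ("IOS fixed", audit_ios(IOS_FIXED)),
                         ("tac_plus", audit_tac_plus(TAC_PLUS))):
        print(name, "->", result or "ok")
```
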



This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:44 GMT-3