Re: Command Authorization Problem

From: Pavel Bykov <slidersv_at_gmail.com>
Date: Wed, 15 Apr 2009 23:14:07 +0200

Well, how are you entering your command?
<CR> is a carriage return, or enter on keyboards.

You need to enter your command like this:

"copy start tftp://1.2.3.4/name"

and NOT like this:
"
copy start tftp:
1.2.3.4
name
"

On Fri, Apr 10, 2009 at 6:37 PM, Mohammad Eslami <mohamadeslami_at_gmail.com> wrote:

> Hi Group,
>
> I'm trying to configure command authorization using ACS for the "copy
> startup tftp:" exec command, but the IOS sends the <cr> as the argument
> instead of tftp: to the ACS Server:
>
> debug aaa authorization turned on
>
> R8#copy startup tftp:
> Command authorization failed.
>
> *Apr 5 00:02:36.067: AAA: parse name=tty3 idb type=-1 tty=-1
> *Apr 5 00:02:36.067: AAA: name=tty3 flags=0x11 type=5 shelf=0 slot=0
> adapter=0 port=3 channel=0
> *Apr 5 00:02:36.067: AAA/MEMORY: create_user (0x83B37358) user='user1'
> ruser='R8' ds0=0 port='tty3' rem_addr='192.168.0.10' authen_type=ASCII
> service=NONE priv=15 initial_task_id='0', vrf= (id=0)
> *Apr 5 00:02:36.067: tty3 AAA/AUTHOR/CMD(2859225967): Port='tty3'
> list='TAC' service=CMD
> *Apr 5 00:02:36.067: AAA/AUTHOR/CMD: tty3(2859225967) user='user1'
> *Apr 5 00:02:36.067: tty3 AAA/AUTHOR/CMD(2859225967): send AV
> service=shell
> *Apr 5 00:02:36.067: tty3 AAA/AUTHOR/CMD(2859225967): send AV cmd=copy
> *Apr 5 00:02:36.067: tty3 AAA/AUTHOR/CMD(2859225967): send AV
> cmd-arg=startup-config
> *Apr 5 00:02:36.067: tty3 AAA/AUTHOR/CMD(2859225967): send AV cmd-arg=<cr>
> *Apr 5 00:02:36.067: tty3 AAA/AUTHOR/CMD(2859225967): found list "TAC"
> *Apr 5 00:02:36.067: tty3 AAA/AUTHOR/CMD(2859225967): Method=tacacs+
> (tacacs+)
> *Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): user=user1
> *Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): send AV service=shell
> *Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): send AV cmd=copy
> *Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): send AV
> cmd-arg=startup-config
> *Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): send AV cmd-arg=<cr>
> *Apr 5 00:02:36.271: AAA/AUTHOR (2859225967): Post authorization status =
> FAIL
> *Apr 5 00:02:36.271: AAA/MEMORY: free_user (0x83B37358) user='user1'
> ruser='R8' port='tty3' rem_addr='192.168.0.10' authen_type=ASCII
> service=NONE priv=15 vrf= (id=0)
>
>
> On the router the aaa has been configured as follows:
>
>
> !
> aaa new-model
> !
> !
> aaa authentication login default group tacacs+
> aaa authorization exec default group tacacs+
> aaa authorization commands 0 default group tacacs+
> aaa authorization commands 1 default group tacacs+
> aaa authorization commands 15 default group tacacs+
> !
> tacacs-server host 192.168.0.12 key cisco
> !
>
>
> Any help will be greatly appreciated,
>
>
>
> Regards
>
> Mohammad

-- 
Pavel Bykov
----------------
Don't forget to help stopping the braindumps, use of which reduces value of
your certifications. Sign the petition at http://www.stopbraindumps.com/
Blogs and organic groups at http://www.ccie.net
Received on Wed Apr 15 2009 - 23:14:07 ART
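
An added example, not part of either message in this thread: a Python sketch that rebuilds, from `debug aaa authorization` output like the one quoted above, the command string the router actually submitted to the TACACS+ server, so it can be compared with what the server is configured to permit. The function names are hypothetical; the sample lines are copied from the quoted debug output.

```python
import re

# Sample lines copied from the debug output quoted in the thread above
# (mail-wrapped continuation lines are kept on purpose).
SAMPLE = """\
*Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): user=user1
*Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): send AV service=shell
*Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): send AV cmd=copy
*Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): send AV
cmd-arg=startup-config
*Apr 5 00:02:36.067: AAA/AUTHOR/TAC+: (2859225967): send AV cmd-arg=<cr>
*Apr 5 00:02:36.271: AAA/AUTHOR (2859225967): Post authorization status =
FAIL
"""

TAC = re.compile(r"AAA/AUTHOR/TAC\+: \((\d+)\): (?:send AV (\S+?)=(\S*)|user=(\S+))")
STATUS = re.compile(r"AAA/AUTHOR \((\d+)\): Post authorization status = (\w+)")

def unwrap(text):
    """Strip '> ' mail quoting and rejoin records the mail client wrapped."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if line.startswith("*") or not out:
            out.append(line)          # a new debug record starts with '*'
        else:
            out[-1] += " " + line     # continuation of the previous record
    return out

def authorization_requests(text):
    """Return {session_id: {'user', 'cmd', 'args', 'status'}} per request."""
    reqs = {}
    for line in unwrap(text):
        m = TAC.search(line)
        if m:
            r = reqs.setdefault(m[1], {"user": None, "cmd": None, "args": [], "status": None})
            if m[4]: r["user"] = m[4]
            elif m[2] == "cmd": r["cmd"] = m[3]
            elif m[2] == "cmd-arg": r["args"].append(m[3])
        elif (s := STATUS.search(line)) and s[1] in reqs:
            reqs[s[1]]["status"] = s[2]
    return reqs

def as_sent(req):
    """The command line as the AAA server received it in AV pairs."""
    return " ".join([req["cmd"] or ""] + req["args"])
```

For the quoted session, `as_sent` yields `copy startup-config <cr>`: the `tftp:` argument is absent from the request that the server rejected.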