ACS AAA config authorization error

Discussion in 'Cisco' started by gazdav, Jan 29, 2007.

  1. gazdav

    gazdav Guest

    Hi all. I am really struggling to get my AAA config working. I have
    added the following config to my switches:-

    aaa new-model
    aaa authentication fail-message ^CAuthentication Failure: Please
    check your password and try again!^C
    aaa authentication login default group tacacs+ local
    aaa authentication login CONSOLE line
    aaa authorization exec default group tacacs+
    aaa authorization config-commands
    aaa authorization commands 1 default group tacacs+ ne
    aaa authorization commands 15 default group tacacs+ ne
    aaa accounting send stop-record authentication failure
    aaa accounting update newinfo
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting system default stop-only group tacacs+

    However, when I log in with my account name 'rmgd' and try to run any
    commands it says 'command authorization failed'. I have one user group
    on the Cisco ACS V4 server but it isn't helping me debug the problem
    much.

    I have run a 'debug aaa authorization' on the switch and this is the
    output:-

    1w5d: tty2 AAA/AUTHOR/EXEC (4167861707): found list "default"
    1w5d: tty2 AAA/AUTHOR/EXEC (4167861707): Method=tacacs+ (tacacs+)
    1w5d: AAA/AUTHOR/TAC+: (4167861707): user=rmgd
    1w5d: AAA/AUTHOR/TAC+: (4167861707): send AV service=shell
    1w5d: AAA/AUTHOR/TAC+: (4167861707): send AV cmd*
    1w5d: AAA/AUTHOR (4167861707): Post authorization status = PASS_ADD
    1w5d: AAA/AUTHOR/EXEC: Processing AV service=shell
    1w5d: AAA/AUTHOR/EXEC: Processing AV cmd*
    1w5d: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
    1w5d: AAA/AUTHOR/EXEC: Authorization successful
    1w5d: tty2 AAA/AUTHOR/CMD (3304041969): Port='tty2' list='' service=CMD
    1w5d: AAA/AUTHOR/CMD: tty2 (3304041969) user='rmgd'
    1w5d: tty2 AAA/AUTHOR/CMD (3304041969): send AV service=shell
    1w5d: tty2 AAA/AUTHOR/CMD (3304041969): send AV cmd=show
    1w5d: tty2 AAA/AUTHOR/CMD (3304041969): send AV cmd-arg=running-config
    1w5d: tty2 AAA/AUTHOR/CMD (3304041969): send AV cmd-arg=<cr>
    1w5d: tty2 AAA/AUTHOR/CMD (3304041969): found list "default"
    1w5d: tty2 AAA/AUTHOR/CMD (3304041969): Method=tacacs+ (tacacs+)
    1w5d: AAA/AUTHOR/TAC+: (3304041969): user=rmgd
    1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV service=shell
    1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd=show
    1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd-arg=running-config
    1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd-arg=<cr>
    1w5d: AAA/AUTHOR (3304041969): Post authorization status = FAIL

    Any help would be greatly appreciated.
    gazdav, Jan 29, 2007
    #1

  2. gazdav

    test Guest

    Have you associated network group with user group? And have you enabled
    command set?
    test, Jan 29, 2007
    #2