Hi all. I am really struggling to get my AAA config working. I have added the following config to my switches:-
aaa new-model
aaa authentication fail-message ^CAuthentication Failure: Please check your password and try again!^C
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE line
aaa authorization exec default group tacacs+
aaa authorization config-commands
aaa authorization commands 1 default group tacacs+ ne
aaa authorization commands 15 default group tacacs+ ne
aaa accounting send stop-record authentication failure
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default stop-only group tacacs+
However, when I log in with my account name 'rmgd' and try to run any commands it says 'command authorization failed'. I have one user group on the Cisco ACS V4 server but it isn't helping me debug the problem much.
I have run a 'debug aaa authorization' on the switch and this is the output:-
1w5d: tty2 AAA/AUTHOR/EXEC (4167861707): found list "default"
1w5d: tty2 AAA/AUTHOR/EXEC (4167861707): Method=tacacs+ (tacacs+)
1w5d: AAA/AUTHOR/TAC+: (4167861707): user=rmgd
1w5d: AAA/AUTHOR/TAC+: (4167861707): send AV service=shell
1w5d: AAA/AUTHOR/TAC+: (4167861707): send AV cmd*
1w5d: AAA/AUTHOR (4167861707): Post authorization status = PASS_ADD
1w5d: AAA/AUTHOR/EXEC: Processing AV service=shell
1w5d: AAA/AUTHOR/EXEC: Processing AV cmd*
1w5d: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
1w5d: AAA/AUTHOR/EXEC: Authorization successful
1w5d: tty2 AAA/AUTHOR/CMD (3304041969): Port='tty2' list='' service=CMD
1w5d: AAA/AUTHOR/CMD: tty2 (3304041969) user='rmgd'
1w5d: tty2 AAA/AUTHOR/CMD (3304041969): send AV service=shell
1w5d: tty2 AAA/AUTHOR/CMD (3304041969): send AV cmd=show
1w5d: tty2 AAA/AUTHOR/CMD (3304041969): send AV cmd-arg=running-config
1w5d: tty2 AAA/AUTHOR/CMD (3304041969): send AV cmd-arg=
1w5d: tty2 AAA/AUTHOR/CMD (3304041969): found list "default"
1w5d: tty2 AAA/AUTHOR/CMD (3304041969): Method=tacacs+ (tacacs+)
1w5d: AAA/AUTHOR/TAC+: (3304041969): user=rmgd
1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV service=shell
1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd=show
1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd-arg=running-config
1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd-arg=
1w5d: AAA/AUTHOR (3304041969): Post authorization status = FAIL

Any help would be greatly appreciated.
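
Grouping the debug lines by request ID makes the two outcomes easy to compare: the EXEC request returns PASS_ADD, while the command request for show running-config returns FAIL. The following is an added example, not part of the original post; the function names are hypothetical and the sample is a constructed subset of the debug output above.

```python
import re

# Constructed sample: a subset of the 'debug aaa authorization' lines quoted above.
SAMPLE = """\
1w5d: tty2 AAA/AUTHOR/EXEC (4167861707): found list "default"
1w5d: AAA/AUTHOR/TAC+: (4167861707): user=rmgd
1w5d: AAA/AUTHOR/TAC+: (4167861707): send AV cmd*
1w5d: AAA/AUTHOR (4167861707): Post authorization status = PASS_ADD
1w5d: tty2 AAA/AUTHOR/CMD (3304041969): found list "default"
1w5d: AAA/AUTHOR/TAC+: (3304041969): user=rmgd
1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV service=shell
1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd=show
1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd-arg=running-config
1w5d: AAA/AUTHOR/TAC+: (3304041969): send AV cmd-arg=
1w5d: AAA/AUTHOR (3304041969): Post authorization status = FAIL
"""
REQ_ID = re.compile(r"\((\d+)\)")
KIND = re.compile(r"AAA/AUTHOR/(EXEC|CMD)\b")
STATUS = re.compile(r"Post authorization status = (\S+)")

def parse_debug(text):
    """Group authorization debug lines by the request ID in parentheses."""
    requests = {}
    for line in text.splitlines():
        m = REQ_ID.search(line)
        if not m:
            continue  # e.g. "Processing AV ..." lines carry no request ID
        req = requests.setdefault(m.group(1), {"kind": None, "user": None, "avs": [], "status": None})
        rest = line[m.end():].lstrip(": ").strip()
        if (k := KIND.search(line)):
            req["kind"] = k.group(1)
        if "AAA/AUTHOR/TAC+" in line:  # AV pairs as handed to the TACACS+ method
            if rest.startswith("user="):
                req["user"] = rest[5:]
            elif rest.startswith("send AV "):
                req["avs"].append(rest[8:])
        if (s := STATUS.search(line)):
            req["status"] = s.group(1)
    return requests

def failed_commands(requests):
    """Return (user, command line) for every CMD request that ended in FAIL."""
    out = []
    for req in requests.values():
        if req["kind"] == "CMD" and req["status"] == "FAIL":
            cmd = [av[4:] for av in req["avs"] if av.startswith("cmd=")]
            args = [av[8:] for av in req["avs"] if av.startswith("cmd-arg=") and av[8:]]
            out.append((req["user"], " ".join(cmd + args)))
    return out
```
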