tacacs+, get rid of enable

Hello all,

I am running tac_plus on linux. I have basic configs in place and operating, but every time I telnet into a device I am presented with the User Exec prompt (router>). I have to issue the enable command, then I am prompted to login with my tacacs username/password. I want to get set up so that I go straight to my aaa authentication username prompt. My aaa config is:

aaa new-model
aaa authentication login default group tacacs+ none
aaa authentication enable default group tacacs+ enab
aaa authorization config-commands
enable secret 5 $88sjslleuoLs944;s

TIA, John


Try this:

aaa authorization exec default group tacacs+ if-authenticated

Jim


Thanks Jim.

I did try this command, but it prevents logging in altogether unless I disable the tacacs-server connection. Problem is that I'm getting the User Exec prompt and having to issue the "enable" command before tacacs+ asks me for my login/password - so I am not actually authenticated yet?

I know what I am actually -- Baffled! I'll keep pluggin' away at it and if I figure it out I'll post it.

John


I haven't seen that before. But, then again, I don't normally have these commands in there either:

perhaps one of them is getting in the way.

I just usually do:

aaa new-model
aaa authentication login default local group radius
aaa authorization exec default local group radius if-authenticated

That's pretty much all that is needed, at least for radius. Not sure about tacacs.

Jim


Hi

you need to return 'priv-lvl = 15' from the tacacs server

also required -

aaa new-model
aaa authentication login default group tacacs+ none
aaa authorization exec default group tacacs+ if-authenticated

Carl
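
A small checker for the method lists discussed in this thread, added here as an example (not code from any poster, from tac_plus or from Cisco). It parses `aaa authentication` / `aaa authorization` lines and reports two conditions: a `none` method in the default login list, and a missing server group in exec authorization, without which a `priv-lvl` returned by the server is not applied at login. The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample input: the method lists suggested in the thread, one command per line.
SUGGESTED = """\
aaa new-model
aaa authentication login default group tacacs+ none
aaa authorization exec default group tacacs+ if-authenticated
"""

AAA_LINE = re.compile(r"^aaa (authentication|authorization) (\S+) (\S+) (.+)$")


def parse_method_lists(config):
    """Map (kind, service, list name) -> ordered methods, e.g. ['group tacacs+', 'none']."""
    lists = {}
    for line in config.splitlines():
        m = AAA_LINE.match(line.strip())
        if not m:
            continue  # not a method list (e.g. 'aaa new-model')
        kind, service, name, rest = m.groups()
        tokens, methods, i = rest.split(), [], 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):
                methods.append("group " + tokens[i + 1])  # 'group <name>' is one method
                i += 2
            else:
                methods.append(tokens[i])
                i += 1
        lists[(kind, service, name)] = methods
    return lists


def audit(config):
    """Return findings for the default login and exec method lists."""
    lists = parse_method_lists(config)
    login = lists.get(("authentication", "login", "default"), [])
    exec_authz = lists.get(("authorization", "exec", "default"), [])
    findings = []
    if not login:
        findings.append("no default login authentication list")
    elif "none" in login:
        findings.append("login list contains 'none': access without credentials "
                        "when the earlier methods return an error (server unreachable)")
    if not any(m.startswith("group ") for m in exec_authz):
        findings.append("no server group in exec authorization: "
                        "a priv-lvl returned by the server is not applied at login")
    return findings


if __name__ == "__main__":
    for finding in audit(SUGGESTED):
        print("-", finding)
```
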
