Using AAA for enable mode

- B
- Brian V
  
  Contact options for registered users
posted
16 years ago

Fri, Jun 8, 2007 2:16 AM

Hey guys, Here's what I'm trying to do. Use plain ole radius (technically IAS) for router and switch authentication. Basically pointing IAS to a specific user group. Catch is I want that user once authenticated to go directly in to priv exec mode. I got it authenticating fine, just can't seem to get the enable portion working. Keep having to use the local enable password. Even if they have to type their domian password again for enable thats fine, just need it via radius. Thoughts, Ideas, Possible? Thanks!

-Brian

- T
- Tosh
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Fri, Jun 8, 2007 4:46 AM

You need to add "service-type administrative" into the advanced tab of the ias remote access criteria. Bye, Tosh.

- T
- Trendkill
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Fri, Jun 8, 2007 11:05 AM

Well yes, and presuming that your AAA is configured right on your devices. For routers, it should look like:

aaa authentication enable default group radius enable

For cat:

set authentication enable radius enable telnet primary

That should change your model to use radius auth for enable password, but you'll need to do some additional stuff within the radius server itself to drop you into enable from first login.