[nsp] TACACS Authentication for telnet users
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon Jul 19 06:25:44 EDT 2004
> Below is the config i did in profile
> user = xxxxx {
> login = des 9Yu3082mqnBzw
> service = exec {
> priv_lvl=15
> }
> }
looks good.
> and on Router
> =============
>
> aaa group server tacacs+ tacgrp
> server x.x.x.x
>
> aaa authentication login default local
> aaa authentication login login-auth-list group tacgrp local line
> aaa authorization exec login-auth-list group tacacs+ if-authenticated
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 1 default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
can you check your "line vty" configuration? I see that you're using a
non-default method ("login-auth-list"), so you also need to reference
this method on your vty's:
line vty 0 4
authorization exec login-auth-list
hope it helps
oli
More information about the cisco-nsp
mailing list