[nsp] TACACS Authentication for telnet users

Tejal Shah tejal.shah at in.iqara.net
Mon Jul 19 06:52:30 EDT 2004


Hi Oli,

It works.
The attribute is "priv-lvl". I have given "priv_lvl", so it's not working.

Tejal
----- Original Message ----- 
From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
To: "Tejal Shah" <tejal.shah at in.iqara.net>; "Tejal Shah Shah"
<shahtejal at gmail.com>; "NSP List" <cisco-nsp at puck.nether.net>
Sent: Monday, July 19, 2004 3:55 PM
Subject: RE: [nsp] TACACS Authentication for telnet users



> Below is the config I did in profile
> user = xxxxx {
>        login = des 9Yu3082mqnBzw
>        service = exec {
>         priv_lvl=15
>         }
>     }

looks good.

> and on Router
> =============
>
> aaa group server tacacs+ tacgrp
>  server x.x.x.x
>
> aaa authentication login default local
> aaa authentication login login-auth-list group tacgrp local line
> aaa authorization exec login-auth-list group tacacs+ if-authenticated
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 1 default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+

can you check your "line vty" configuration? I see that you're using a
non-default method ("login-auth-list"), so you also need to reference
this method on your vty's:

line vty 0 4
 authorization exec login-auth-list

hope it helps

oli
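
An added example, not part of the original thread: a small pre-deployment lint for the two mistakes discussed above, an exec attribute spelled with an underscore (`priv_lvl` instead of `priv-lvl`) and a named `aaa authorization exec` list that no line references. The function names, the attribute set and the sample strings are assumptions made for this illustration.

```python
import re

# Partial set of TACACS+ exec-service attribute names (assumption: extend it
# to match the attributes your own profiles use).
KNOWN_EXEC_ATTRS = {"priv-lvl", "acl", "autocmd", "idletime", "timeout",
                    "noescape", "nohangup"}

def lint_profile(text):
    """Return (line_no, attr, suggestion) for unknown attrs in service = exec."""
    findings, in_exec, depth = [], False, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if re.match(r"service\s*=\s*exec\s*\{", line):
            in_exec, depth = True, 1
            continue
        if not in_exec:
            continue
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            in_exec = False
            continue
        m = re.match(r"([\w-]+)\s*=", line)
        if m and m.group(1) not in KNOWN_EXEC_ATTRS:
            fixed = m.group(1).replace("_", "-")
            findings.append((no, m.group(1),
                             fixed if fixed in KNOWN_EXEC_ATTRS else None))
    return findings

def unreferenced_exec_lists(ios_config):
    """Named 'aaa authorization exec' lists that no line block references."""
    defined = set(re.findall(r"^aaa authorization exec (\S+)", ios_config, re.M))
    used = set(re.findall(r"^[ \t]+authorization exec (\S+)", ios_config, re.M))
    return sorted(defined - used - {"default"})

# Constructed samples modelled on the thread (password hash replaced).
PROFILE = """user = xxxxx {
    login = des PLACEHOLDER_HASH
    service = exec {
        priv_lvl=15
    }
}"""
ROUTER = """aaa authorization exec login-auth-list group tacacs+ if-authenticated
line vty 0 4
"""
ROUTER_FIXED = ROUTER + " authorization exec login-auth-list\n"

if __name__ == "__main__":
    print(lint_profile(PROFILE))
    print(unreferenced_exec_lists(ROUTER))
    print(unreferenced_exec_lists(ROUTER_FIXED))
```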




