[nsp] TACACS Authentication for telnet users
Tejal Shah
tejal.shah at in.iqara.net
Mon Jul 19 06:52:30 EDT 2004
Hi Oli,
It works.
The attribute is "priv-lvl" i have given "priv_lvl" so its not working.
Tejal
----- Original Message -----
From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
To: "Tejal Shah" <tejal.shah at in.iqara.net>; "Tejal Shah Shah"
<shahtejal at gmail.com>; "NSP List" <cisco-nsp at puck.nether.net>
Sent: Monday, July 19, 2004 3:55 PM
Subject: RE: [nsp] TACACS Authentication for telnet users
> Below is the config i did in profile
> user = xxxxx {
> login = des 9Yu3082mqnBzw
> service = exec {
> priv_lvl=15
> }
> }
looks good.
> and on Router
> =============
>
> aaa group server tacacs+ tacgrp
> server x.x.x.x
>
> aaa authentication login default local
> aaa authentication login login-auth-list group tacgrp local line
> aaa authorization exec login-auth-list group tacacs+ if-authenticated
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 1 default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
can you check your "line vty" configuration? I see that you're using a
non-default method ("login-auth-list"), so you also need to reference
this method on your vty's:
line vty 0 4
authorization exec login-auth-list
hope it helps
oli
More information about the cisco-nsp
mailing list