Cisco AAA/Identity/Nac :: ACS 5.1 Is Refusing To Use Enable Password
Dec 21, 2012
I have migrated my ACS data from 4.1 to 5.1 and everything is working fine to test the connection I have configured a switch to get the authentication from the new Tacacs server, using my old username and password..i got in perfectly but when the switch asked my for enable which is the same password, it refused the password.(I have unchecked the <use a different password for enable> option) I deleted my switch from the Tacacs to enter locally, I went in with no problems..i thought that the problem may be from the old configuration.so I created a new username and password to check, and the problem still exist.
View 2 Replies
ADVERTISEMENT
Jan 28, 2013
How to configure authentication of enable password using acs 5.3. I have installed acs 5.3 and created user and gave relevant passwords. Following config is done on router
aaa new-model
aaa authentication login default group tacacs+ local
aaa authen enable default group tacacs+ enable
tacacs-server host x.x.x.x key xxxxx
Now when I telnet router, i can authenticate username/pass with acs5.3 but when i try to enter enable command and give password, it gives me error in authentication. What is the process of configuring enable passwords?
View 6 Replies
View Related
Dec 29, 2011
Changed my AD password and now i cannot get into the enable side of the cisco switches on our network (we have no routers).Looking on the logs for the ACS v4.2 I can see the following -
On TACACS+ Accounting you can see the connections which have worked - it the initial tty connections -
When i look in the failed attempts i see the following Auth failed - External DB user invalid or bad password or on another occasion internal error or EAP-TLS or PEAP authentication failed due to unknown CAcertificate during SSL handshake.
View 1 Replies
View Related
Jul 10, 2012
I have been experimenting with acs 4.2 and a cisco asa 5510. I have managed to authenticate the ASA users with my tacacs server. The user "test" is authenticated with the tacacs server, and can log in. But the enable password is wrong, because i dont know where to place it in the tacacs server.
Now my question is, where do i set my enable password when authenticatig with tacacs+. And for this i mean in the acs 4.2, i know how to do it on the asa.
View 4 Replies
View Related
Jan 24, 2013
how do I setup an enable password for an ASA 5510? At the moment its setup to authenticate using RADIUS (which I'd like to keep doing) but I need to setup an enable mode password.
View 3 Replies
View Related
Jul 26, 2012
I am trying to migrate an ACS 4.1.1(24) using the migraton tool to ACS 5.2. The tool is working OK. It migrates the users, groups, NDG, etc. and the reports are showing no errors.
The problem is with the Enable password of the users. The users in the ACS 4 have the TACACS+ Enable Password configured, but after the migration it appears empty in the ACS 5.
View 3 Replies
View Related
Jun 23, 2011
Recently I came across a router (Cisco 3845, IOS 12.4) configured for TACACS, one local username and an enable password. Going through the configuration I noticed the router didn't have an enable secret password which I thought was strange. The TACACS config is below, comments regarding the TACACS config and the consequences of not having an enable secret or if there is a need for one.
aaa authentication login default group tacacs+ aaa authentication login no_tacacs enable aaa authorization exec default group tacacs+ aaa authorization commands 1 default group tacacs+ aaa authorization commands 15 default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa accounting commands 1 default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa accounting network default start-stop group tacacs+
View 7 Replies
View Related
Sep 12, 2011
configuring AAA on 1841 router, initially it authenticates me well using my TACAS+ login. but though i have configured enable password in router, router directly puts me in privilage mod without asking enable password .
my configs for AAA as below
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 0 ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting commands 1 ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
View 8 Replies
View Related
Jun 24, 2011
how to enable the password on d-link di-624
View 2 Replies
View Related
Aug 3, 2012
I need to recover switch enable password, i have already configured AAA also, when i am tryig to follow below proceedure finally saying Authorization failed. how can i recover enable password,If I try to recover password like this description says [URL]
Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
Step 2 Set the line speed on the emulation software to 9600 baud.
Step 3 Power off the switch. Reconnect the power cord to the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green.
Base ethernet MAC Address: 00:0x:xx:xx:xx:xx
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software:
flash_init
load_helper
boot
[code]....
View 1 Replies
View Related
Aug 29, 2012
I have a cisco 1801 router that is not prompting for enable password.After loging into router thru telnet it puts direct into privelege mode without promting for enable password.Here is the configuration:
User Access Verification
Username: adminPassword:xxxxx#sh runBuilding configuration...
Current configuration : 2132 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname xxxxxx!boot-start-markerboot-end-marker!enable password 7 022F0A5D0208063555692B!no aaa new-model!!dot11 syslog!!ip cefno ip dhcp use vrf connectedip dhcp excluded-address 192.168.0.1 192.168.0.10!ip dhcp pool LAN import all network 192.168.0.0 255.255.255.0 default-router 192.168.0.1!!!multilink bundle-name authenticated!!username admin privilege 15 password 7 112017031E1C02181Dusername user privilege 3 password 7 091D1C5A100B111B05051033!!archivelog config hidekeys!!!!!interface ATM0no ip addressno atm ilmi-keepalivepvc xxxxx
[code].....
View 7 Replies
View Related
Oct 23, 2012
Today I wanted to change my passwords on my router Cisco 888e.I connect by telnet my router and access the enable mode.Then, I set my enable password to passwordxxx with the command enable password password1.After a show run, i could see in this config my new password correctly set. Then, I set my enable secret password to passwordxxx (the same) with the command enable secret password password1.I log off the enable mode.Try to log on with the command en but when I type the new or the old password, I receive a 'Access denied' message.
And I'm sure of the new one because on my command line to define it I could see this new password in clear!What are my solutions to access the enable mode again?If I reboot my router, it'll run the previous config file with the old password? I've only worked on the running config file and haven't apply these changes to the nvram.
View 4 Replies
View Related
Mar 15, 2011
We are installaing a new RSP720 on 7606 platform and facing a peculiar problem. It is prompting for a enable password. We have not configured anything on router yet, still it is asking for enable password.
View 3 Replies
View Related
Jun 4, 2011
I have created internal user on internal identiy store --> users with password & enable password , Similarly i have enabled max privilige level 15 under policy elements , authorisation & permission ,Device administration , shell profile .But i am unable to login into device using enable password , I am finding following error on my logg report
Failuire reason : 13029 Requested privilige level is too high .
View 3 Replies
View Related
Jul 9, 2012
resetting the disable password on an ASA5505 device
View 9 Replies
View Related
Mar 28, 2011
Cisco 7609 Router, Enable password unable to reset.
Many times CTRL+BREAK Key combination while booting the router does not takes the console to ROMMON.
Router boots using the IOS image in the bootdisk0: (For entering into the ROMMON, removed both the external Flash disks also - no use)
2 or three time in a day it enters in to the ROMMON while pressing CTRL+BREAK.
Tried in the ROMMON (one Sup is removed) with confreg 0x2142 followed by reset/boot commands, the router is booting with the startup config.
View 2 Replies
View Related
Oct 11, 2012
I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK).It's a replacement firewall that I am trying to configure remotely through a serial device with an internet facing connection, but the enable password is not working.I can connect to the device OK, type 'en' and when propted for the password whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.
View 2 Replies
View Related
Feb 28, 2013
We are using ACS 5.3 with two servers in a distributed solution.All logs are collected on primary server so when this server fails all logs are lost.How can I enable log on secondary server also?
View 2 Replies
View Related
Oct 12, 2011
ACS and i would like to know how to enable the "Configuration Audit" for someone login to my network devices using their ACS login and i can monitor what they did on it.
ACS Version : 5.2.0.26
View 6 Replies
View Related
Feb 8, 2012
how to Config the ACS 4.2 server runs in TACACS + mode (users accounts configured the ACS) mode to authenticate enable mode password on the asa using the same AD account?
View 10 Replies
View Related
Jun 8, 2012
We have just swtiched router and network in out house and upon doing so my computer can no longer connect to the internet, the other two in our house can. The computer can detect the network but the information it has about it is wrong, the security type and radio type. (See picture) it is a Billion Router and works fine on all other computers, we thought at first the problem was with Hamachi but after uninstalling it the problem was not fixed.
View 19 Replies
View Related
Jun 7, 2011
After cleaning the infection, none of my browser will work.Firefox display this message: "The Proxy Server is Refusing Connection".IE displays an error as well.I can't even use Steam's (game client) browser to see what games they have available but I am able to sign on.I am sure my internet is working because I am able to log on to my Instant Messaging Program and chat with freinds and use a VoIP software to talk with friends without issue.The problem is happening on my "regular" windows account.My administrative account seems to be problem free as I am able to browse the net like I had before the infection.
View 11 Replies
View Related
Jul 15, 2011
I've got a weird problem that I can't figure out. I've de-authorized the switch in the RADIUS server to force an ERROR status to test the backup entries in the AAA authentication method list. However, after I do that and try to log in (through ssh), it just prompts me for my username's password and not the enable password. Here's the debug output:
1d02h: RADIUS: Marking server xxx.xxx.xxx.xxx:1812,1813 dead
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No valid server found. Trying any viable server
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No response for id 10
[code]...
View 14 Replies
View Related
May 23, 2011
I try to change password on the ASA 5520 device and its not getting changed.
FW(config)# enable password cisco1234(config)# end
After that I perform a write memory.
But somehow I relogin again the enable password still remain as the old enable password
version : 7.2(5)2.
View 5 Replies
View Related
Jan 12, 2012
We have ASA configured in multi context mode, with software 8.4(2) configured for AAA Configuration is admin context as follows:
aaa-server TAC protocol tacacs+
aaa-server TAC (management) host 10.162.2.201
key *****
aaa authentication enable console TAC LOCAL
aaa authentication http console TAC LOCAL
aaa authentication serial console TAC LOCAL
aaa authentication ssh console TAC LOCAL
Because of multiple context, after logging in we enter System context. Console port authentication is working fine except access to privileged mode while connecting over console port. After issuing "enable" command ASA accepts only configured enable secret in system context and changes user ID to enable_15, so we are unable to do user-level command authorization and accounting.It seems that ASA in system context is not aware of any AAA configuration, and there isn't any command to configure AAA in system context.Is there any way to configure enable authentication over AAA in system context?
View 3 Replies
View Related
Mar 11, 2013
Would like to check out is it possible binding Cisco secure ACS 5.x to support router/switch ios feature view - superview and parser command
Busines objective is assigning administrative roles, with different role based CLI access, using ACS5.X as backend server. a. Admin (allow all) b. network monitor (privlege # 7, enable view that can doing various show command and configure) c. support (privlege #1, read only)
View 2 Replies
View Related
Apr 11, 2013
I am trying to get users in the external identity store (AD) to be dropped directly into enable mode after being authenticated, since I don't know of a way to set an enable password for users in an external identity store. I think it has something to do with shell attributes but I'm not realy sure.
So here's what I tried.Linking identity group to external group and provide full command priviliges - enable still didn't work Creating duplicate users in the internal identity store and setting the password type field to AD1 - That gives me the ability to get to the enable password prompt hit enter on the blank promt then prompts for Old and new passwords but fails everytime with an Error in Authentication.
View 8 Replies
View Related
Jul 4, 2012
It´s possible to enable unconditional machine authentication in ACS 5.3.
View 1 Replies
View Related
Apr 7, 2011
When I launch Monitoring & Report Viewer and select one of the report (TACACS authorization for example) I want to filter the search with Interactive Viewer, but I can't cause all options are grayed. I've heared that some flash is needed but I've got plugins installed and nothing changed.
Can I run in in demo version? cause I've read that there is an add-on license which "Add-on licenses are available to support deployments that are larger than 500 devices (AAA clients) and to support advanced monitoring, reporting and troubleshooting functionality"
View 5 Replies
View Related
Jul 13, 2011
Is there a way to restore the device to factory settings. I tried the reset button with a paper clip.
View 2 Replies
View Related
Jan 17, 2012
I was trying to do a password recovery on a 1142 AP but enable password did not reset and I am stuck
AP model is AIR-AP1142N-A-K9
Running IOS c1140-k9w7-mx.124-21a.JA1
Its autonomous so there is no controller. I renamed the config.txt file I am unable to rename or delete the private-config file. I get the message that file or directory cannot be found when i try to rename and permission denied when I try to delete it.
View 12 Replies
View Related
Jun 17, 2011
how do i change the telnet and enable and vpn user password on asa 5570.
View 4 Replies
View Related
May 2, 2013
I have lost the "ENABLE" password on my 3750 switch.
View 5 Replies
View Related
