Good afternoon to you all
I need your help please
I'm trying to make my Cisco routers work with TACACS Plus in Linux. Anyway, I installed TACACS and configured it as follows:
user = admin {
    default service = permit
    login = cleartext admin
}
user = userA {
    login = cleartext userA
    service = exec {
        priv-lvl = 10
    }
    cmd = show {
        permit "startup*"
    }
    cmd = ping {
        permit .*
    }
    cmd = traceroute {
        permit .*
    }
}
Afterward I configured my Cisco as follows:
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+
aaa authorization network default group tacacs+
And everything worked as it should: the user Admin had exec access and userA had the configured permissions in TACACS.
Problem is, I have to have local backup credentials in case there's a problem with TACACS. Basically, whenever TACACS goes bye bye I have to use local credentials on the router to gain access to it.
I've tried to configure my router with an enable password:
enable secret backup
and changed this line in the router:
- aaa authorization exec default group tacacs+
into:
- aaa authorization exec default if-authenticated group tacacs+
It worked fine for the local credentials: I've turned off my TACACS server and I could gain access to the router with the password "backup".
Problem is, when I turned my TACACS server back on, whenever I tried to access my router with the users Admin and UserA I was able to enter the router, but not into exec mode.
I need to have my backup credential working, and maintain my users' configured access level in TACACS Plus.
Any suggestions would be appreciated.
Thkx
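The symptom described above follows from how an IOS authorization method list is evaluated: methods are tried left to right, and the next one is consulted only when the previous one cannot be reached. The sketch below is an added example (not part of the original post, and a simplified model rather than Cisco code); the function names, the REORDERED list and the default privilege level of 1 are assumptions made for illustration.

```python
# Simplified model of IOS AAA method-list evaluation (teaching model, not Cisco code).
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

# Constructed from the tac_plus profile in the post: userA's exec service sets priv-lvl 10.
TACACS_EXEC_ATTRS = {"userA": {"priv-lvl": 10}}
DEFAULT_PRIV = 1  # assumption: the line's default privilege applies when no priv-lvl is returned

def tacacs_exec(user, server_up):
    """'group tacacs+': ERROR if the server is unreachable, else its verdict and attributes."""
    if not server_up:
        return ERROR, {}
    if user not in TACACS_EXEC_ATTRS:
        return FAIL, {}
    return PASS, dict(TACACS_EXEC_ATTRS[user])

def if_authenticated(user, server_up):
    """'if-authenticated': passes for any user who already logged in; returns no attributes."""
    return PASS, {}

METHODS = {"group tacacs+": tacacs_exec, "if-authenticated": if_authenticated}

def authorize_exec(method_list, user, server_up):
    """Return (result, privilege level, method that answered)."""
    for name in method_list:
        status, attrs = METHODS[name](user, server_up)
        if status == ERROR:
            continue  # only an unreachable method falls through to the next one
        if status == FAIL:
            return FAIL, None, name
        return PASS, attrs.get("priv-lvl", DEFAULT_PRIV), name
    return FAIL, None, None  # every method errored out

AS_POSTED = ["if-authenticated", "group tacacs+"]   # order from the changed line in the post
REORDERED = ["group tacacs+", "if-authenticated"]   # same keywords, TACACS+ asked first

def compare(user="userA"):
    """Evaluate both orderings with the TACACS+ server up and down."""
    return {(label, up): authorize_exec(ml, user, up)
            for label, ml in (("as posted", AS_POSTED), ("reordered", REORDERED))
            for up in (True, False)}

if __name__ == "__main__":
    for (label, up), (result, priv, method) in compare().items():
        state = "up" if up else "down"
        print(f"{label:10} server {state:4} -> {result} priv {priv} via {method}")
```

In the model, the posted order never reaches the TACACS+ server for exec authorization, so userA's priv-lvl 10 is not applied even when the server is up; with TACACS+ listed first, the level is applied while the server answers and if-authenticated only takes over when it is unreachable.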