Our config is:
aaa-server tacacs protocol tacacs+
aaa-server tacacs (interface) host tacacs1.our.fqdn
 key ***
aaa-server tacacs (interface) host tacacs2.our.fqdn
 key ***
aaa authentication enable console tacacs LOCAL
aaa authentication http console tacacs LOCAL
aaa authentication ssh console tacacs LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
Did you enable trace level 5 in radiator and check the logs?
Cheers, Alex
On 2011-12-12 18:40, Connolly, Robert T. wrote:
Hi Alex,
I work with Steve Kim. This is what I am using on the ASA
for authentication and authorization, where radiator-1 is the group
name I use:
aaa authorization exec authentication-server
aaa authentication telnet console radiator-1 LOCAL
aaa authentication http console radiator-1 LOCAL
aaa authentication ssh console radiator-1 LOCAL
aaa authentication serial console radiator-1 LOCAL
Am I missing anything?
Thank you.
Robert
Robert T. Connolly, MBA
Information Systems
Senior Network Specialist
Davis Polk & Wardwell LLP
450 Lexington Avenue
New York, NY 10017
212 450 6185 tel
robert.conno...@davispolk.com
From: radiator-boun...@open.com.au On Behalf Of Alexander Hartmaier
Sent: Monday, December 12, 2011 12:11 PM
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] TACACS+ and CISCO ASA
Did you enable tacacs authentication and authorization on the ASA?
On 2011-12-12 18:06, Kim, Steve wrote:
Alex,
Thanks for the reply.
The issue that I have is that it prompts for another authentication on the ASA.
I'm using the same config as you listed, which works fine with routers and switch.
This is the config that I'm using:
AuthorizeGroup netadmin permit service=shell cmd\* {priv-lvl=15}
AuthorizeGroup netadmin permit .*
Is there anything that I need to do on the ASA?
Thanks,
Steve.
From: radiator-boun...@open.com.au On Behalf Of Alexander Hartmaier
Sent: Monday, December 12, 2011 11:36 AM
To: radiator@open.com.au
Subject: Re: [RADIATOR] TACACS+ and CISCO ASA
Yes, it has been working fine here for years; what problems are you encountering?
config:
AuthorizeGroup Admins permit service=shell cmd\* {priv-lvl=15}
Best regards, Alex
On 2011-12-12 17:34, Kim, Steve wrote:
Has anyone tried CISCO ASA authentication with TACACS+?
I have TACACS+ working with CISCO routers and switch, but not on ASA.
If anyone has this working, can you share what you did?
Thanks,
Steve.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
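
The two ASA snippets quoted in this thread use different server-group names, which makes them awkward to compare by eye. The following is an added example, not code from any participant or from Radiator: it normalizes the group name and lists the `aaa` statements each snippet has that the other lacks. The function names and the `<GROUP>` placeholder are assumptions, and the output lists differences only; it does not say which one matters.

```python
# Added example: both inputs are constructed from the ASA lines quoted in the thread.
REFERENCE = """\
aaa-server tacacs protocol tacacs+
aaa authentication enable console tacacs LOCAL
aaa authentication http console tacacs LOCAL
aaa authentication ssh console tacacs LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
"""

CANDIDATE = """\
aaa authorization exec authentication-server
aaa authentication telnet console radiator-1 LOCAL
aaa authentication http console radiator-1 LOCAL
aaa authentication ssh console radiator-1 LOCAL
aaa authentication serial console radiator-1 LOCAL
"""

AAA_KINDS = ("authentication", "authorization", "accounting")


def aaa_statements(config, group):
    """Return the set of 'aaa ...' lines with the server-group name normalized."""
    found = set()
    for raw in config.splitlines():
        tokens = raw.split()
        # Skip 'aaa-server' definitions and anything that is not an aaa statement.
        if len(tokens) < 2 or tokens[0] != "aaa" or tokens[1] not in AAA_KINDS:
            continue
        found.add(" ".join("<GROUP>" if t == group else t for t in tokens))
    return found


def compare(reference, ref_group, candidate, cand_group):
    """Return (only_in_reference, only_in_candidate) as sorted lists."""
    ref = aaa_statements(reference, ref_group)
    cand = aaa_statements(candidate, cand_group)
    return sorted(ref - cand), sorted(cand - ref)


if __name__ == "__main__":
    missing, extra = compare(REFERENCE, "tacacs", CANDIDATE, "radiator-1")
    for line in missing:
        print("only in reference:", line)
    for line in extra:
        print("only in candidate:", line)
```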