Monday, August 27, 2018

Trouble with Tacacs.net authorization

Hello, I was wondering if anyone here had any experience using Tacacs.net for TACACS+ authorization and assigning a privilege level to authorized users. The authentication piece is working fine and I have it pointed to Active Directory. However, I can't get authorization to work and haven't found anything useful via Google. The error I get when logging in via SSH is "no authorization entry found for X user." My account authenticates under the NetworkAdmins user group. When I change the authorization config file to authorization.old it lets me in and assigns privilege level 15, so I assume the problem is with the authorization config.

Cisco 2960S AAA config:

```
aaa new-model
aaa authentication login AAA group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec AAA group tacacs+ local if-authenticated
aaa authorization commands 15 AAA group tacacs+ local if-authenticated
aaa accounting exec AAA start-stop group tacacs+
aaa accounting commands 15 AAA start-stop group tacacs+
aaa session-id common
line vty 0 15
 exec-timeout 30 0
 authorization commands 15 AAA
 authorization exec AAA
 login authentication AAA
```

Tacacs.net Authentication config:

```xml
<?xml version="1.0" encoding="utf-8"?>
<Authentication xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <UserGroups>
    <UserGroup>
      <Name>NetworkAdmins</Name>
      <AuthenticationType>Windows_Domain</AuthenticationType>
      <LDAPServer>172.16.X.X:389</LDAPServer>
    </UserGroup>
```

Tacacs.net Authorization config:

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Version 1.2 -->
<Authorizations xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Authorization>
    <UserGroups>
      <UserGroup>NetworkAdmins</UserGroup>
    </UserGroups>
    <AutoExec>
      <Set>priv-lvl=15</Set>
    </AutoExec>
    <Shell>
      <Permit>.*</Permit>
    </Shell>
  </Authorization>
```

Any help would be greatly appreciated.
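The post pairs an authentication.xml that defines a group with an authorization.xml that references it, and "no authorization entry found" is the symptom you get when that pairing does not line up. The script below is an added example, not part of the post and not Tacacs.net's own tooling: it parses both files and cross-checks them. It assumes (this is an assumption about Tacacs.net, not something the post confirms) that each `<UserGroup>` named in authorization.xml must match a `<UserGroup><Name>` in authentication.xml exactly, that `<AutoExec><Set>` entries are `attribute=value` pairs such as `priv-lvl=15`, and that `<Shell><Permit>` bodies are regular expressions. The sample documents are constructed from the fragments in the post, with the closing tags the post omitted added back.

```python
"""Cross-check a Tacacs.net authentication.xml / authorization.xml pair.

Added example, not Tacacs.net code. Assumed rules (not confirmed by the post):
  - every <UserGroup> in authorization.xml must name a <UserGroup><Name>
    defined in authentication.xml (case-sensitive, exact match);
  - <AutoExec><Set> text is an attribute=value pair, e.g. priv-lvl=15;
  - <Shell><Permit> text is a regular expression.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: the post's authentication fragment, closing tags restored.
AUTHENTICATION_XML = """<?xml version="1.0" encoding="utf-8"?>
<Authentication xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <UserGroups>
    <UserGroup>
      <Name>NetworkAdmins</Name>
      <AuthenticationType>Windows_Domain</AuthenticationType>
      <LDAPServer>172.16.X.X:389</LDAPServer>
    </UserGroup>
  </UserGroups>
</Authentication>
"""

# Constructed sample: the post's authorization fragment, closing tag restored.
AUTHORIZATION_XML = """<?xml version="1.0" encoding="utf-8"?>
<!-- Version 1.2 -->
<Authorizations xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Authorization>
    <UserGroups>
      <UserGroup>NetworkAdmins</UserGroup>
    </UserGroups>
    <AutoExec>
      <Set>priv-lvl=15</Set>
    </AutoExec>
    <Shell>
      <Permit>.*</Permit>
    </Shell>
  </Authorization>
</Authorizations>
"""


def authentication_groups(xml_text):
    """Return the set of group names defined in authentication.xml."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return {g.findtext("Name", "").strip() for g in root.iter("UserGroup")}


def authorization_entries(xml_text):
    """Return one dict per <Authorization>: referenced groups, Set attrs, Permit patterns."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    entries = []
    for auth in root.iter("Authorization"):
        groups = [g.text.strip() for g in auth.iter("UserGroup") if g.text]
        attrs = {}
        for s in auth.iter("Set"):
            key, sep, value = (s.text or "").partition("=")
            if sep:  # ignore malformed entries with no '='
                attrs[key.strip()] = value.strip()
        permits = [p.text or "" for p in auth.iter("Permit")]
        entries.append({"groups": groups, "attrs": attrs, "permits": permits})
    return entries


def check_configs(auth_xml, authz_xml):
    """Cross-check the pair; return a list of findings (empty list means consistent)."""
    findings = []
    defined = authentication_groups(auth_xml)
    covered = set()
    for i, entry in enumerate(authorization_entries(authz_xml), 1):
        for group in entry["groups"]:
            if group not in defined:
                findings.append(f"Authorization #{i}: group '{group}' is not defined in authentication.xml")
            covered.add(group)
        lvl = entry["attrs"].get("priv-lvl")
        if lvl is None:
            findings.append(f"Authorization #{i}: no priv-lvl is set; the switch will use its default level")
        elif not lvl.isdigit() or not 0 <= int(lvl) <= 15:
            findings.append(f"Authorization #{i}: priv-lvl '{lvl}' is outside 0..15")
        for pattern in entry["permits"]:
            try:
                re.compile(pattern)
            except re.error as exc:
                findings.append(f"Authorization #{i}: Permit '{pattern}' is not a valid regex ({exc})")
    for group in sorted(defined - covered):
        findings.append(f"group '{group}' can authenticate but has no Authorization entry")
    return findings


if __name__ == "__main__":
    for line in check_configs(AUTHENTICATION_XML, AUTHORIZATION_XML) or ["OK: configs are consistent"]:
        print(line)
```

Run it against the real files by reading them in place of the two constructed strings; a one-character difference in the group name (for example `NetworkAdmin` versus `NetworkAdmins`) is reported on both sides, as an undefined group in authorization.xml and as an authenticating group with no entry. The check covers only the Tacacs.net file pair, not the switch-side `aaa` statements.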
