Hi everyone,
I need help in configuring both the TACACS+ server and the Network
Access Server (NAS). I am currently running the TACACS+ server on
Linux RedHat 7 with kernel 2.4.2. I am running the NAS on a cisco 2610
router with IOS 12.0.15 Enterprise plus with ipsec capability. I am running
TACACS server version tac_plus-F4.0.3.alpha-7. Here is the configuration
of the tacacs configuration file:
key = "helpme"
user = xyz {
member = admin
login = des 7bYbKxc
cmd = show { permit .* }
cmd = disconnect { permit .* }
}
user = abc {
member = admin
login = des YZdX64CcM
cmd = show { permit .* }
cmd = disconnect { permit .* }
}
user = def {
service = exec {
default attribute = permit
}
member = normal
login = des 3zz3A/3Nc7RCU
expires = "Mar 08 2002"
cmd = where { permit .* }
}
group = admin {
default service = permit
service = exec {
priv-lvl = 15
}
}
group = normal {
}
user = $enab15$ {
login = cleartext "Ineedhelp"
}
Here is the what I configure on the NAS:
aaa new-model
aaa authentication login usetacacs tacacs+ local enable
aaa authentication login usenone none
aaa authorization commands 1 usetacacs1 tacacs+
enable secret 5 $1gGfwBcXfakuNKYSV0
tacacs-server host 172.16.1.240
tacacs-server key helpme
line vty 0 4
authorization commands 1 usetacacs1
login authentication usetacacs
I would like to be able to make both users abc and xyz to be
able to go into the privilege mode (enable) each with their
own password. Right now, even though abc and xyz can
access the NAS, they have to share the enable secret
password which is something I like to avoid. How can I
make this happen? What am I doing wrong here? Please
help... I am desperate...
Many thanks.....
Harry
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
