[tac_plus] tac_plus login and enable password issue
Ricki Z
rz.bangka at yahoo.com
Mon Nov 28 04:58:15 UTC 2011
Hi All,
I have issue when i using enable password per user (not on global config with user $enab15$ etc.) and every user using different password for cisco enable on tac_plus server. Refer to the config that i send before i can using AAA for cisco devices with tac_plus but if i login using user1, then i can use password "user1" or "enauser1" and after login success, i can enter privilege mode using password "user1" or "enauser1" and same for user2. In normal condition should be i just can login using user1 with password "user1" (failed if using password "enauser1" and i just can enter priviledge mode using password "enauser1" (failed if using "user1").
user = user1 {
default service = permit
login = cleartext user1
enable = cleartext enauser1
}
user = user2 {
default service = permit
login = cleartext user2
enable = cleartext enauser2
}
And if i configure enable password per user and every user using the same enable password (like config below), all
working like suppose to be it mean if i login using user1 i just can using password "user1" (can't using password "enapwd") and i just can enter priviledge mode using password "enauser" (can't using password "user1").
user = user1 {
default service = permit
login = cleartext user1
enable = cleartext enauser
}
user = user2 {
default service = permit
login = cleartext user2
enable = cleartext enauser
}
Need your advice for solve this issue.
Tx,
Ricki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20111127/71681cee/attachment.html>
More information about the tac_plus
mailing list