[tac_plus] tac_plus login and enable password issue

Ricki Z rz.bangka at yahoo.com
Mon Nov 28 04:58:15 UTC 2011


Hi All,



I have an issue when I use an enable password per user (not in the global config with user $enab15$ etc.) and every user uses a different password for Cisco enable on the tac_plus server. Referring to the config that I sent before, I can use AAA for Cisco devices with tac_plus, but if I log in using user1, then I can use password "user1" or "enauser1", and after a successful login I can enter privileged mode using password "user1" or "enauser1", and the same for user2. In the normal condition, I should only be able to log in as user1 with password "user1" (failing if using password "enauser1"), and I should only be able to enter privileged mode using password "enauser1" (failing if using "user1").

user = user1 {
                default service = permit
                login = cleartext user1
                enable = cleartext enauser1
}

user = user2 {
                default service = permit
                login = cleartext user2
                enable = cleartext enauser2
}

And if I configure an enable password per user and every user uses the same enable password (like the config below), everything works as it is supposed to: if I log in using user1, I can only use password "user1" (can't use password "enapwd"), and I can only enter privileged mode using password "enauser" (can't use password "user1").

user = user1 {
                default service = permit
                login = cleartext user1
                enable = cleartext enauser
}

user = user2 {
                default service = permit
                login = cleartext user2
                enable = cleartext enauser
}

I need your advice to solve this issue.

Tx,
Ricki