Filter
Top Products
Appendix A Troubleshooting Information for Cisco Secure ACS
Cisco IOS Issues
A-4
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Cisco IOS Issues
Condition Recovery Action
Under EXEC Commands,
Cisco IOS commands are not
being denied when checked.
Examine the Cisco IOS configuration at the AAA client. If not
already present, add the following Cisco IOS command to the AAA
client configuration:
aaa authorization command <0-15> default group TACACS+
The correct syntax for the arguments in the text box is
permit argument or deny argument.
Administrator has been locked
out of the AAA client because of
an incorrect configuration being
set up in the AAA client.
Try to connect directly to the AAA client at the console port. If that
is not successful, consult your AAA client documentation or go to
Cisco.com regarding password recovery procedures on your AAA
client. For more information, see the “Cisco.com” section on
page xxxiii.
IETF RADIUS attributes not
supported in Cisco IOS 12.0.5.T
Cisco incorporated RADIUS (IETF) attributes in Cisco IOS
Release 11.1. However, there are a few attributes that are not yet
supported or that require a later version of the Cisco IOS software.
The following attributes fall into this category:
Number—Attribute Supported
17—Change Password 11.3
21—Password-Expiration 11.3
35—Login-LAT-Node No
36—Login-LAT-Group No
AAA client times out when
authenticating against
Windows NT/2000.
Increase the TACACS+ timeout interval from the default, 5, to 20.
Set the Cisco IOS command as follows:
tacacs-server timeout 20