Correct Tyson Authentication is configured for radius. Now if NAR rejects user account, you would get log message informing access denied. But the message thrown on the console will be "rejected" not "% Authorization failed". That is where I missed :-)
Yusef, Did you configure the same user account that you used on the radius server on the router with priv 15? With regards Kings On Sat, Sep 25, 2010 at 8:24 PM, Tyson Scott <[email protected]> wrote: > If he is doing local authorization no reports will show up in ACS for a > failure. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* Kingsley Charles [mailto:[email protected]] > *Sent:* Saturday, September 25, 2010 3:07 AM > *To:* Tyson Scott > *Cc:* yusef sheriff; [email protected] > > *Subject:* Re: [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - > Vol1 Task 5.5 > > > > Go to Report and Activity and check for the fail attempts log. You can see > the reason for failure. > > Have you configured the user or group for NAR? > > > With regards > Kings > > On Sat, Sep 25, 2010 at 4:04 AM, Tyson Scott <[email protected]> wrote: > > If you are doing local authorization do you have the same user with same > password information configured locally? > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* yusef sheriff [mailto:[email protected]] > *Sent:* Friday, September 24, 2010 2:02 PM > *To:* Tyson Scott > *Subject:* Re: [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - > Vol1 Task 5.5 > > > > It's Local. below is aaa config:- > > aaa new-model > ! > ! > aaa authentication login default none > aaa authentication login VTY group radius local > aaa authorization exec default none > aaa authorization exec VTY local > aaa accounting exec VTY start-stop group radius > > Regards, > Yusef > > On Fri, Sep 24, 2010 at 9:40 PM, Tyson Scott <[email protected]> wrote: > > What do you have configured for aaa exec authorization > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *yusef sheriff > *Sent:* Friday, September 24, 2010 1:13 PM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - Vol1 > Task 5.5 > > > > Dear All, > > I am doing Vol1 - Task 5.5 struck up in configuring External database > configuration. In my ACS server v4.1 not finding *windows authentication > configuration under external database -> windows user database configuration > * *page.* However, aaa test is successfully authenticated with radius > server but if I do the telnet from R5 getting error authorization failed :- > > R8#test aaa group radius Ripuser1 p...@ssw0rd legacy > Attempting authentication test to server-group radius using radius > User was successfully authenticated. > > R8# > > -------------------------------------------------------------------------------------- > R5#telnet 5.8.8.8 > Trying 5.8.8.8 ... Open > > > User Access Verification > > Username: Ripuser1 > Password: > % Authorization failed. > > Kindly help me.. > > Thanks > > Regards, > Yusef > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
