Kingsley, Yes your correct user account was mis-matched. Now I am lock out from ACS server unable to login with Administrator/cisco123. I don't know why
How do i reset the password of ACS server. Regards, Yusef On Sat, Sep 25, 2010 at 9:06 PM, Kingsley Charles < [email protected]> wrote: > Yusef, Tyson has already asked the question that I have asked :-) > > > On Sat, Sep 25, 2010 at 10:25 PM, Kingsley Charles < > [email protected]> wrote: > >> Correct Tyson >> >> Authentication is configured for radius. Now if NAR rejects user account, >> you would get log message informing access denied. But the message thrown on >> the >> console will be "rejected" not "% Authorization failed". That is where I >> missed :-) >> >> Yusef, >> >> Did you configure the same user account that you used on the radius server >> on the router with priv 15? >> >> >> With regards >> Kings >> >> >> On Sat, Sep 25, 2010 at 8:24 PM, Tyson Scott <[email protected]> wrote: >> >>> If he is doing local authorization no reports will show up in ACS for a >>> failure. >>> >>> >>> >>> Regards, >>> >>> >>> >>> Tyson Scott - CCIE #13513 R&S, Security, and SP >>> >>> Managing Partner / Sr. Instructor - IPexpert, Inc. >>> >>> Mailto: [email protected] >>> >>> Telephone: +1.810.326.1444, ext. 208 >>> >>> Live Assistance, Please visit: www.ipexpert.com/chat >>> >>> eFax: +1.810.454.0130 >>> >>> >>> >>> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >>> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >>> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >>> training locations throughout the United States, Europe, South Asia and >>> Australia. Be sure to visit our online communities at >>> www.ipexpert.com/communities and our public website at www.ipexpert.com >>> >>> >>> >>> *From:* Kingsley Charles [mailto:[email protected]] >>> *Sent:* Saturday, September 25, 2010 3:07 AM >>> *To:* Tyson Scott >>> *Cc:* yusef sheriff; [email protected] >>> >>> *Subject:* Re: [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - >>> Vol1 Task 5.5 >>> >>> >>> >>> Go to Report and Activity and check for the fail attempts log. You can >>> see the reason for failure. >>> >>> Have you configured the user or group for NAR? >>> >>> >>> With regards >>> Kings >>> >>> On Sat, Sep 25, 2010 at 4:04 AM, Tyson Scott <[email protected]> >>> wrote: >>> >>> If you are doing local authorization do you have the same user with same >>> password information configured locally? >>> >>> >>> >>> Regards, >>> >>> >>> >>> Tyson Scott - CCIE #13513 R&S, Security, and SP >>> >>> Managing Partner / Sr. Instructor - IPexpert, Inc. >>> >>> Mailto: [email protected] >>> >>> Telephone: +1.810.326.1444, ext. 208 >>> >>> Live Assistance, Please visit: www.ipexpert.com/chat >>> >>> eFax: +1.810.454.0130 >>> >>> >>> >>> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >>> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >>> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >>> training locations throughout the United States, Europe, South Asia and >>> Australia. Be sure to visit our online communities at >>> www.ipexpert.com/communities and our public website at www.ipexpert.com >>> >>> >>> >>> *From:* yusef sheriff [mailto:[email protected]] >>> *Sent:* Friday, September 24, 2010 2:02 PM >>> *To:* Tyson Scott >>> *Subject:* Re: [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - >>> Vol1 Task 5.5 >>> >>> >>> >>> It's Local. below is aaa config:- >>> >>> aaa new-model >>> ! >>> ! >>> aaa authentication login default none >>> aaa authentication login VTY group radius local >>> aaa authorization exec default none >>> aaa authorization exec VTY local >>> aaa accounting exec VTY start-stop group radius >>> >>> Regards, >>> Yusef >>> >>> On Fri, Sep 24, 2010 at 9:40 PM, Tyson Scott <[email protected]> >>> wrote: >>> >>> What do you have configured for aaa exec authorization >>> >>> >>> >>> Regards, >>> >>> >>> >>> Tyson Scott - CCIE #13513 R&S, Security, and SP >>> >>> Managing Partner / Sr. Instructor - IPexpert, Inc. >>> >>> Mailto: [email protected] >>> >>> Telephone: +1.810.326.1444, ext. 208 >>> >>> Live Assistance, Please visit: www.ipexpert.com/chat >>> >>> eFax: +1.810.454.0130 >>> >>> >>> >>> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >>> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >>> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >>> training locations throughout the United States, Europe, South Asia and >>> Australia. Be sure to visit our online communities at >>> www.ipexpert.com/communities and our public website at www.ipexpert.com >>> >>> >>> >>> *From:* [email protected] [mailto: >>> [email protected]] *On Behalf Of *yusef sheriff >>> *Sent:* Friday, September 24, 2010 1:13 PM >>> *To:* [email protected] >>> *Subject:* [OSL | CCIE_Security] Radius Configuration with ACS 4.1 - >>> Vol1 Task 5.5 >>> >>> >>> >>> Dear All, >>> >>> I am doing Vol1 - Task 5.5 struck up in configuring External database >>> configuration. In my ACS server v4.1 not finding *windows authentication >>> configuration under external database -> windows user database configuration >>> * *page.* However, aaa test is successfully authenticated with radius >>> server but if I do the telnet from R5 getting error authorization failed :- >>> >>> R8#test aaa group radius Ripuser1 p...@ssw0rd legacy >>> Attempting authentication test to server-group radius using radius >>> User was successfully authenticated. >>> >>> R8# >>> >>> -------------------------------------------------------------------------------------- >>> R5#telnet 5.8.8.8 >>> Trying 5.8.8.8 ... Open >>> >>> >>> User Access Verification >>> >>> Username: Ripuser1 >>> Password: >>> % Authorization failed. >>> >>> Kindly help me.. >>> >>> Thanks >>> >>> Regards, >>> Yusef >>> >>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> >>> >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
