Re: [fw-wiz] Login straight to priv mode in PIX with TACACS server



Michel,

If you set the PIX to use tacacs+ and then local it will use local if
it cannot contact the TACACS+ server, The easiest way to make sure it
cannot contact the TACACS+ server is to remove the network cables.

On 6 February 2010 15:32, Michel Ferreira <michelf@xxxxxxxxx> wrote:
Hi,

I've successfully configured my PIX 506E (6.3) to authenticate with my
TACACS+ Server (ACS 4.1), however I want to know if there's any way to
put the user straight in priv mode (enable) just after login, without
the need to input the 'enable' command.

I'm questioning this because I don't want to include the "aaa
authentication enable console tacacs+ LOCAL" command, since with this
command if I need console access I still will be authenticating
against the TACACS+ server, which, in a emergency situation (like one
that i need to physically connect a console cable to the firewall)
I'll be using the remote authentication, and I don't want that.

Thanks for your considerations,

Michel
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: TACACS+ vs. RADIUS
    ... roll-out two-factor authentication you should go with radius. ... support TACACS+, ... IAS server. ...
    (Security-Basics)
  • [fw-wiz] Login straight to priv mode in PIX with TACACS server
    ... TACACS+ Server, however I want to know if there's any way to ... authentication enable console tacacs+ LOCAL" command, ... I'll be using the remote authentication, ...
    (Firewall-Wizards)
  • Re: TACACS
    ... > I would like to know how to implement WIN2000 with TACACS+ ... > We want to authenticate AD Users into Cisco devices in ... server included with all Win2000+ Servers: ...
    (microsoft.public.win2000.active_directory)
  • Need help: TACACS+
    ... We are planning to use TACACS+ for user authentication of an application serve. ... With go global server, PAM and TACACS+ ... Server2 with authentication database ...
    (freebsd-questions)
  • Re: Binding of TACACS Authentication Server with Exchange.
    ... Maker of that TACACS should provide detailed installation instruction. ... My company want to bind TACACS+ Server with Exchange server. ... Dont have much of Idea how to Bind Exchange Server with TACACS+ Server, and how exchange users will get authenticated by TACACS Server. ...
    (microsoft.public.exchange.admin)