[c-nsp] aaa different for console logins? - Jon Lewis - net.nether.puck.cisco-nsp

10 messages in net.nether.puck.cisco-nsp[c-nsp] aaa different for console log...

From	Sent On	Attachments
Jon Lewis	Jan 11, 2005 2:17 pm
Jon Lewis	Jan 11, 2005 3:08 pm
Oliver Boehmer (oboehmer)	Jan 11, 2005 3:34 pm
John Lyons	Jan 11, 2005 3:50 pm
Jon Lewis	Jan 11, 2005 8:50 pm
Oliver Boehmer (oboehmer)	Jan 12, 2005 4:11 am
Jon Lewis	Jan 12, 2005 7:04 am
Oliver Boehmer (oboehmer)	Jan 12, 2005 7:36 am
Jon Lewis	Jan 12, 2005 8:18 am
Oliver Boehmer (oboehmer)	Jan 12, 2005 8:30 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	[c-nsp] aaa different for console logins?	Actions...
From:	Jon Lewis (jle...@lewis.org)
Date:	Jan 12, 2005 7:04:44 am
List:	net.nether.puck.cisco-nsp

On Wed, 12 Jan 2005, Oliver Boehmer (oboehmer) wrote:

Ack. But please make sure to define appropriate fallback methods. So in your case, I would replace aaa authorization exec default group radius local by aaa authorization exec default group radius if-authenticated

I.e. when Radius is not available, authorization succeeds if the user has authenticated.

I'll test this, but my impression was that with the local on the end, when radius is unavailable, locally defined usernames are used and the enable secret is still used when enabling from an exec level local user.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: