Unsolved
This post is more than 5 years old
13 Posts
0
51199
Disable "enable" login with TACACS
Hello,
Switch Model - PowerConnect 6248P
I am trying to login with TACACS.
after entering username and password I was asked to put "ENABLE" password.
how can i disable this request ? and only use username and password (TACACS).
thanks,
IB.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
February 10th, 2014 07:00
Hi,
Try to change the aaa authentication enable setting, page 193 of the CLI guide. ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-6248_Reference%20Guide_en-us.pdf
This should allow you to set tacacs as the method for elevated privileges instead of having a separate enable password. You may also need to disable the need for an enable password with the command no enable authentication.
IB-EN1
13 Posts
0
February 11th, 2014 03:00
Hi,
I am still getting enable prompt when i try connect via telnet.
also i trying delete "no enable authentication NoneEN" on line telnet - but after username + password i am still getting the > enable promt
attached configuration :
#### SW-NET-A ###
User:tacacs
Password:***********
SW-A1>enable
Password:
SW-A1#
line telnet
exec-timeout 5
login authentication LoginProf
enable authentication NoneEN
exit
aaa authentication login "LoginProf" tacacs local
aaa authentication enable "NoneEN" enable
no enable password
thanks,
IB
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
February 11th, 2014 07:00
aaa authentication enable "NoneEN" enable
is enabling the enable password
Try
no aaa authentication enable "NoneEN"
or
aaa authentication "tacacs" tacacs
Ramesh Babu A
1 Message
0
October 1st, 2017 20:00
Dear Team,
I am tried following config, but no luck, hence could you please suggest me. Its very urgent to enable TACAC to my device. Hence kindly do the needful.
aaa authentication login "networkList" tacacs local
ip http authentication tacacs local
ip https authentication tacacs local
tacacs-server host 10.xx.x.5
timeout 1
key "cxxxrp"
priority 20
exit
tacacs-server host 10.xx.2.5
timeout 1
key "cxxxrp"
priority 10
exit
tacacs-server key "cxxxrp"
ip ssh server
ip ssh pubkey-auth
Pragatheesh
1 Message
1
November 10th, 2017 04:00
Hi Ramesh,
Please try the following and let me know if it works for you.
switch(config)#aaa authentication enable enablelist none
switch(config)#aaa authentication login loginlist tacacs local
The above are the login and enable lists, now please apply them to the line as below
switch(config)#line ssh
switch(config-line)#login authentication loginlist
switch(config-line)#enable authentication enablelist
Authentication methods are now created and applied to the virtual terminal line. Please initiate a separate ssh connection and try login with your tacacs credentials.
NOTE:- Before successful testing, please do not close the existing terminal session. Closing the active session may lead to a complete login lockdown.
Kind regards,
Praga
tonyhess
5 Posts
0
January 17th, 2019 07:00
This is very simple. If you want no password on the enable prompt set it to none.
aaa authentication enable default none
the above command sets enable authentication to none.
So your two commands for tacacs would be..
aaa authentication enable default none
aaa authentication login default tacacs+ local