Cisco ASA RADIUS Authentication for Enable Mode?

I was able to get access via SSH to my ASA via Radius authentication but can't get into enable mode. It is prompting me for a password and telling me the password is wrong. How do I get it to grant me access without prompting for a password a second time?

My Setup:

ASA#  sh run | include aaa
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 100.135.208.8
aaa authentication match FIOS_authentication FIOS DC
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
aaa local authentication attempts max-fail 10


My failure:



login as: bgates
mthomas@172.200.21.10's password:
This is a private network.
Access beyond this point is for authorized personell only.
Unauthorized access will be prosecuted to the full extent of the law.
We thank you for respecting our privacy.
Type help or '?' for a list of available commands.
ASA> en
Password: **********
Invalid password
Password:
First Last Asked:

Soulja Commented:
Now that I think about it. I think this is how ASA's are. I get them confused with routers sometimes. I don't think you can enter priv mode directly on ASA's. You will always be prompted.

Soulja Commented:
Does the radius account have the privileges for enable mode?

First Last (Author) Commented:
Soulja -

Yes, the radius account has the privileges for enable mode. I just got it to work, but now what would I do if I don't want to be prompted for the password when entering privileged enable mode?

Soulja Commented:
Did you change anything in the config or were you putting in the wrong password?

First Last (Author) Commented:
What I've noticed is that if I uncheck the enable box under "require authentication to allow use of privileged mode commands", I'm still prompted for a password, but it now accepts a blank password then takes me to privilege mode. This is much better than typing the password twice, but do you know how to remove the password prompt altogether?


login as: bgates
bgates@17.202.21.10's password:
This is a private network.
Access beyond this point is for authorized personell only.
Unauthorized access will be prosecuted to the full extent of the law.
We thank you for respecting our privacy.
Type help or '?' for a list of available commands.
ASA> en
Password:
ASA#

Untitled.jpg

First Last (Author) Commented:
Soulja - I didn't change anything in the config. All I noticed is that I didn't have the box in the image above checked so I tried a blank password for privileged mode and it let me in! Now I'd like to just remove the prompt.

DanJ Commented:
type login
you will be prompted for the credentials again.
enable does not get authenticated via radius.

Soulja Commented:
Can you post a picture of your authorization tab?

First Last (Author) Commented:

Soulja Commented:
Can you check enable under Perform Authorization for Exec Shell Access? Let me know if that helps.

First Last (Author) Commented:
Soulja

I enabled Perform Authorization for Exec Shell Access. The login experience was the same. It accepted my radius username and password, then logging into privileged mode it accepted a blank password. This is good enough for me. I do thank you very much.

First Last (Author) Commented:
Thank you.
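
The two ASDM checkboxes discussed in this thread correspond to CLI lines that are absent from the `sh run | include aaa` output in the question. The following is an added example, not configuration posted by any participant; it assumes the server group name RADIUS from the question, a RADIUS server that marks the account as administratively privileged, and uses `<ENABLE-SECRET>` as a placeholder.

```cisco
! Added example, not from the thread. Server group name RADIUS is taken from
! the question; <ENABLE-SECRET> is a placeholder to be replaced.

! State reached in the thread: SSH login is checked against RADIUS, but there
! is no "aaa authentication enable console" line, so "enable" checks the local
! enable password. A blank entry being accepted means none is set.
aaa authentication ssh console RADIUS LOCAL

! Option A: authenticate "enable" against RADIUS as well (the ASDM "Enable"
! box under "Require authentication to allow use of privileged mode commands").
! The user is still prompted and re-enters the RADIUS password.
aaa authentication enable console RADIUS LOCAL

! Option B (ASA 9.2(1) and later): authorize the exec shell from the RADIUS
! reply and place sufficiently privileged users directly at the # prompt,
! so no enable prompt appears.
aaa authorization exec authentication-server auto-enable

! In either case, set a non-blank local enable password so that the LOCAL
! fallback path is not an empty password.
enable password <ENABLE-SECRET>
```

After logging in, `show curpriv` reports the username and the privilege level the session actually received.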