  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2198

Cisco ASA RADIUS Authentication for Enable Mode?

I was able to get access via SSH to my ASA via RADIUS authentication but can't get into enable mode. It is prompting me for a password and telling me the password is wrong. How do I get it to grant me access without prompting for a password a second time?

My Setup:

ASA#  sh run | include aaa
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 100.135.208.8
aaa authentication match FIOS_authentication FIOS DC
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
aaa local authentication attempts max-fail 10


My failure:



login as: bgates
mthomas@172.200.21.10's password:
This is a private network.
Access beyond this point is for authorized personell only.
Unauthorized access will be prosecuted to the full extent of the law.
We thank you for respecting our privacy.
Type help or '?' for a list of available commands.
ASA> en
Password: **********
Invalid password
Password:

Asked by: First Last
1 Solution
 
Soulja Commented:
Does the RADIUS account have the privileges for enable mode?

First Last (Author) Commented:
Soulja -

Yes, the RADIUS account has the privileges for enable mode. I just got it to work, but now what would I do if I don't want to be prompted for the password when entering privileged enable mode?

Soulja Commented:
Did you change anything in the config or were you putting in the wrong password?

First Last (Author) Commented:
What I've noticed is that if I uncheck the enable box under "require authentication to allow use of privileged mode commands", I'm still prompted for a password, but it now accepts a blank password and then takes me to privilege mode. This is much better than typing the password twice, but do you know how to remove the password prompt altogether?


login as: bgates
bgates@17.202.21.10's password:
This is a private network.
Access beyond this point is for authorized personell only.
Unauthorized access will be prosecuted to the full extent of the law.
We thank you for respecting our privacy.
Type help or '?' for a list of available commands.
ASA> en
Password:
ASA#

[Image: Untitled.jpg]

First Last (Author) Commented:
Soulja - I didn't change anything in the config. All I noticed is that I didn't have the box in the image above checked, so I tried a blank password for privileged mode and it let me in! Now I'd like to just remove the prompt.

DanJ Commented:
Type login.
You will be prompted for the credentials again.
Enable does not get authenticated via RADIUS.

Soulja Commented:
Can you post a picture of your authorization tab?

First Last (Author) Commented:

Soulja Commented:
Can you check Enable under Perform Authorization for Exec Shell Access? Let me know if that helps.

First Last (Author) Commented:
Soulja

I enabled Perform Authorization for Exec Shell Access. The login experience was the same. It accepted my RADIUS username and password, then logging into privileged mode it accepted a blank password. This is good enough for me. I do thank you very much.

Soulja Commented:
Now that I think about it, I think this is how ASAs are. I get them confused with routers sometimes. I don't think you can enter priv mode directly on ASAs. You will always be prompted.

First Last (Author) Commented:
Thank you.
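
An added example, not part of the original thread: a small Python check over the "sh run | include aaa" output posted in the question, listing which console services have an "aaa authentication ... console" line and flagging the gaps. The function names are hypothetical, and it assumes the line syntax seen in the posted config (aaa authentication <service> console <methods>).

```python
import re

# Output of "sh run | include aaa", copied from the question above.
POSTED_CONFIG = """\
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 100.135.208.8
aaa authentication match FIOS_authentication FIOS DC
aaa authentication http console RADIUS LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL
aaa local authentication attempts max-fail 10
"""

# Assumed syntax: aaa authentication <service> console <method> [<method>]
CONSOLE_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")


def parse_console_auth(config):
    """Map each console service (ssh, enable, ...) to its ordered method list."""
    methods = {}
    for line in config.splitlines():
        m = CONSOLE_RE.match(line.strip())
        if m:
            methods[m.group(1)] = m.group(2).split()
    return methods


def audit(config):
    """Return (methods, findings) for the console authentication lines."""
    methods = parse_console_auth(config)
    findings = []
    if "enable" not in methods:
        findings.append("enable: no 'aaa authentication enable console' line; "
                        "the enable prompt checks the local enable password")
    if "telnet" in methods:
        findings.append("telnet: AAA is configured for Telnet, a cleartext protocol")
    for service, order in methods.items():
        if "LOCAL" not in order:
            findings.append(f"{service}: no LOCAL fallback if {order[0]} is unreachable")
    return methods, findings


if __name__ == "__main__":
    for finding in audit(POSTED_CONFIG)[1]:
        print(finding)
```

Run against the posted config, it reports the missing enable line and the Telnet entry; the http, ssh and telnet lines all carry the LOCAL fallback.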