ACSE - Logging into Privileged Mode

Similar Messages

• TACACS+ not log into privilege mode

  With the same TACACS+ account, I observed different behavior on different routers.
  On some routers, it automatically goes into privilege mode (enable mode).  On others, it doesn't.
  Router config is as below.  What debug I need to turn on to troubleshoot this problem?  Thanks!
  aaa new-model
  aaa group server tacacs+ corp
   server-private x.x.x.x key 7 12383525115F07123B
   server-private y.y.y.y key 7 052A363D2218451F08
   ip vrf forwarding corp
  aaa authentication login default group corp local-case
  aaa authorization exec default group corp if-authenticated
  aaa authorization commands 15 default group corp if-authenticated
  aaa accounting exec default
   action-type start-stop
   group corp

  To force you computer into safe mode you will need to edit the boot.ini file if you are unable to use F8 Boot-Time screen.
  Append your boot.ini file with the following switches:
  Mode: Safe Mode
       Switch: /safeboot:minimal
  Mode: Safe Mode with Networking
       Switch: /safeboot:network
  Mode: Safe Mode with Command Prompt
       Switch: /safeboot:minimal(alternateshell)
  So it will look something like the following:
   [boot loader]
     timeout=30
     default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
     [operating systems]
     multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP" /fastdetect /SAFEBOOT:MINIMAL
  **REMEMBER** 
  Editining this file can be dangerous and can cause the system to be unbootable if you get something wrong.
  There is no reason why the F8 command shouldnt work, Just keep tapping it as soon as the PC POSTs
  To Disable Automatic Reboot on a BSOD:
  1. From the desktop right click on My Computer.
  2. Click the Properties option.
  3. In the System Properties window click the Advanced tab.
  4. In Advanced click the Settings button under Startup and Recovery.
  5. In the Startup and Recovery window uncheck the Automatically restart check box.
  6. Click Ok.
  Hope This Helps

• Login to directly into "privilege mode"

  Hi All,
  I have created users and given them telnet access to router 7200.
  They have full privilges(15) but everytime they login they login into user-exec mode instead of privilege mode.
  Is there a way to skip user-exec mode and allow the users to login directly into privilge mode so they dont have to enter password twice?
  Thanks!!

  Opening a new thread might be a good idea - though at this point we have gone far enough (and I am not sure how much further this discussion will go) that we might as well just continue this thread.
  While IOS devices have mechanisms that will allow you to configure that a user goes directly into privilege mode I do not believe that this works on the ASA - at least for the command line. If you login to ASDM to manage the ASA you will go directly to privilege mode. But for command line (SSH, telnet, etc) you will go to user mode and be required to enter another password for privilege mode. I do not know a way to get around that for ASA command line.
  HTH
  Rick

• Cannot log into any GUI modes and need to reinstall OSX

  Hi all,
  I've been having issues with my iMac 27" i7 desktop which I purchased back in 2011 with OSX Lion.
  I recently updated to OSX Mavericks and have some issues which I am trying to resolve.
  I have been working through troubleshooting with the Apple Support team as it is still covered by the extended warranty that I purchased with the system.  Unfortunately it appears that we have come to the end of their technical support capabilities and I have no resolution.   Here is a quick breakdown of the situation:
  While doing some gaming in a Bootcamp copy of Windows 7 the computer froze and displayed a green screen with vertical lines and was unresponsive.
  Rebooted the machine into OSX Mavericks (upgraded about a month ago from Lion) and after the Apple symbol and loading wheel, when the machine went to display my desktop it froze with a completely white screen.
  Tried to reboot back into Windows 7 and when it went to display the desktop it went to a grey screen with vertical lines.
  Called the Apple Support line who advised me how to log into Safe Mode.   This worked ok and then I rebooted into OSX properly and my desktop displayed albeit running very slow.
  Backed up my data and then while doing some web browsing the computer locked up and went to a blank screen.
  Called the Apple Support line who took me into Recovery Mode and got me to Verify the Disk and Verify Disk Permissions.  Also advised me to run Apple Hardware Test.
  Ran Apple Hardware Test and it said that there are "no problems"
  Booted back into OSX which worked ok but still very slow.
  During a data transfer the computer locked up with a black screen and the rainbow spinning wheel and was unresponsive.
  After a few attempts I was able to log back in and complete my backup of crucial files.
  Yesterday I went to boot the computer and it again gets to point after the Apple symbol and loading wheel where it would display my desktop and goes to blank screen.  Apple Support advised that the next step for testing purposes is to format the HDD and reinstall OSX.
  No matter whether I am trying to boot into OSX, Safe Mode, Recovery Partition or Internet Recovery (I have tried all numerous times) whenever it gets to a point where the GUI would be displayed the machine locks up and I get a blank white screen.  I logged into Single-User Mode and ran a file system check which came up ok and I have run AHT again which came up ok as well, however considering that it doesn't matter where I boot to the same error occurs I believe that the issue is probably hardware related rather than software.  I have also followed the instructions to clear the PVRAM
  I have booted to OSX using Verbose mode and noticed that there are a number of SMC errors and other messages indicating that there may be some software issues, so I am trying to troubleshoot those before I take the machine to the Authorised Apple Repair Centre
  I have created an OSX Mavericks Boot USB but that comes up with a white screen as well if I boot to it.
  I'm not sure if it will help, but I can select my recovery partition (OSX Base System) during boot and load into single user mode there.   I'm curious whether (and how) to run diskutils from there to verify disk and permissions for my primary partition (lets call it "Lion").  Then erase the disk and reinstall OSX from my boot USB.

  You have to start the miniSAP instance before you can log in to it.
  On your desk top there should be an icon 'start SAP WA1' start that, and leave the DOS window running until you are finished.
  If you get messages in the DOS window saying processes died check that MS loopback is running.
  MattG.

• UEFI bios boot into safe mode w/o msconfig or F8

  Hi, thanks in advance for taking the time to answer.  First off I'm using an ASUS motherboard with UEFI bios on windows 7 64bit.
  I'm having trouble with my user account being corrupted and cannot be logged into.  I've already looked up how to fix this issue but it requires me logging into safe mode to do so. 
  I am aware of the 2 common methods people are prescribing (msconfig and F8) but neither are an option in this situation it seems.
  Being that I can't log in, and I do not have a second admin account, I cannot use the msconfig method.  I've already tried hitting F8 during start and it just gives me the option to either boot my HD or enter bios.  I also went through the bios
  options and didn't see anything there either.  There's got to be another method than the two I've previously mentioned, right?  Or am I just missing something simple here?
  == edit ==
  == Solved problem myself ==
  heres how for those with same problem:  after hard restarting my computer quite a few times (apparently its SUPPOSED to do this each time but other folks on the internet and myself find it to only work 40% or less) it went into automatic repair mode. 
  after that ran through, to no avail (BIG surprise), it allowed me to enter Command Prompt mode outside of windows.  there I was able to enable a safe mode boot loop so each time my computer boots it automatically goes into safe mode.  fixed what
  i needed and undid the safe mode loop in msconfig.
  back to business as usual!  woot woot

  Asus boards BIOS Boot Menu key is F8... this is annoying if you use their boards with Windows installed, as it is also the key for getting the Windows boot menu.
  What needs to be done is use the F8 to get the menu, select the hard disk (or boot manager if EFI) and then start hitting F8 after you press enter on the boot device. This is the easiest way I've found, as trying to guess when the boot is handed off from
  the board to Windows is hit and miss.

• Setting privilege level for logging into ASA through ACS

  Hi!,
  In my environment i implemented AAA for logging into switches, routers, asa etc through ACS which is being configured TACACS+.
  I have set different privilege levels like readonly, readwrite etc into ACS. There are working fine when i try to login into switch or router.
  But in ASA i am unable to restrict the privilege levels of different users.
  Can someone plz guide me with ASA & ACS setting to solve this issue!!!!!

  Hi!!
  I tried this option. It is working fine with routers & switches. But for ASA privilege access it is not functioning.
  I created 3 profiles in "Shared Profiles" & added 1 of them in Group setting & added users to this group with mentioning group authentication. This way i am able to control access to the switches & routers with proper privilege. But the same way when i tried to impolement ASA it's not happening.
  Can u plz check it out...

• Log into Device with AAA, how do I get right into enable mode?

  I am using a Cisco ACS server with an RSA server behind it. When the user is authenticated from the ACS server, I want them to go straight into enable mode, not have to type the enable mode password. What line am I missing?
  aaa authentication login ACS group ACS_servers local enable
  aaa authorization exec ACS group ACS_servers local
  aaa authorization commands 15 ACS group ACS_servers local
  aaa accounting commands 1 default start-stop group ACS_servers
  aaa accounting commands 15 default start-stop group ACS_servers
  line vty 0 5
  login authentication ACS
  authorization commmands 15 ACS

  The configuration in question is for telnet, but I do need to design my new console access connection. Console access would be either remotely or on-site, but I don't feel comfortable giving priv 15 right into it. I plan to use the same authentication method on the console (ACS group 1st, local database 2nd) and will just have to enter the enable password through the console.
  One more question on the aaa config, I kept getting this error in the log:
  AAA/AUTHOR: config command authorization not enabled
  So I added:
  aaa authorization config-commands
  I don't know if it was needed because I could still execute config-commands, but it kept giving me that warning if I didn't have that line.
  Also, do I really need this line if the ACS server is taking care of priv 15 authorization:
  aaa authorization commands 15 ACS if-authenticated

• How do I prevent users from logging into my machine in single user mode?

  I established an standard accounts for my family.  My son figured out that if he logs into the machine in Single User mode that he logs in as the root user.  He then proceeded to create another user with administrative privileges and change his account to administrator then delete the other account.  Funny thing about this is that as much as OS X is secure from outside threats a simple command-s gets you right into the very heart of the machine......

  You can set a firmware password. The firmware password only allows you to start up in normal mode, so if you try to start in single-mode user or safe mode, your Mac will ask you for a password.
  The process to turn it on depends on the OS X version you have. Open  > About this Mac, check the Mac OS X version and follow the steps depending on your OS X version.
  If you have 10.7 or 10.8:
  1. Hold Command and R keys while your Mac is starting up.
  2. After starting up into OS X Utilities, go to Utilities menu (on the menu bar) > Firmware Password Utility, and enable the firmware password.
  3. Restart the Mac.
  If you have 10.6 or older:
  1. Insert the Mac OS X disc and hold the C key while your Mac is starting up.
  2. Choose your language, go to Utilities menu (on the menu bar) > Firmware Password Utility, and enable the firmware password.
  3. Restart the Mac.
  Also, this will protect your Mac against thieves because they won't be able to erase the hard drive without knowing the firmware password. Don't forget the password, because only Apple can reset it if you don't know this password

• Logging directly into enable mode on a PIX using TACACS

  I have setup TACACS authentication on a PIX running 6.3(3). I can authenticate using TACACS just fine, but do not get put directly into enable mode. The ACS server is setup to do so, it works for routers and switches, but not the PIX box. If I put the "aaa authentication enable console TACACS" in the config I must enter the enable command and use the same password I logged in with to get into enable mode. Without the command, I have to use the configured enable secret password to get into the enable mode.
  Does anyone know it there is a way to configure the PIX to log someone directly into enable mode via TACACS?
  Thanks in advance

  Hi,
  PIX does not support exec authorization. Hence user cannot login to level 15 directly.
  Regards,
  Vivek

• Since I have updated to Firefox version 5, my Firefox browser just hangs when I am logged in to my laptop without Admin privilege. If I am logged into my laptop as Admin then Firefox is working well is this a known issue.

  Since I have updated to Firefox version 5, I cannot use Firefox on my laptop as a normal user without Admin privilege. Whenever I try to run Firefox, the browser window just says connecting and hangs. It looks like it also uses all the CPU and stops all other processes on the computer. Even the computer clock stops working.
  If I am logged into my laptop as Admin then Firefox works well as it used to with previous versions. I am using Windows XP service pack 3.

  Hi Tylerdowner -
  Thanks for your suggestion.
  I already tried a Reset, but all that did was lose all my settings , search engines etc. and one or two add-ons - as expected.
  I also already tried updating my graphics driver - both manually, and with Windows Update (Automatic Updates is set to ON anyway, and I've checked the optional ones as well, and though there was nothing relevant there, I installed most of them anyway!) Apparently I'm using the most up-to-date and appropriate driver already!
  Oh dear........
  Going to try turning off hardware acceleration next....

• I got a Macbook Air. My system language is russian but the login password is english. I pu the laptop into sleep mode, then wanted to log in again, but the language seems to have switched to russian, there's no language change button! How do I log in now?

  I got a Macbook Air. My system language is russian but the login password is english. I put the laptop into sleep mode, then wanted to log in again, but the language seems to have switched to russian, there's no language change button! How do I log in now?

  Severia,
  I tried your solution, but it did not work with my laptop. After I restart the laptop, the language does not change and I cannot type the password in English language. Do you have any other suggestion?
  Thank you.

• I am not able to see "Edit Mode on" when i log into workspace...

  I am not able to see "Edit Mode on" when i log into workspace...through Weblogic user...Oracle BPM 11g

  If your trying to put pictures that are on your phone to your computer you import it see link below
  http://support.apple.com/kb/HT4083

• Trying to log into firefox but keep getting firefox is in offline mode and can't browse the web, I've unchecked the work offline in the file menu but still get error message...

  trying to log into firefox but keep getting firefox is in offline mode and can't browse the web, I've unchecked the work offline in the file menu but still get error message...

  The work offline option can be found from Firefox button -> Web developer or from the menubar toolbar -> Work offline (Or at least thats what happens in Windows).
  Have you any other reason for being offline; router off, firefox not dialing up or whatever. Or is security software or a firewall blocking firefox, or a network connection, or firefox setting etc set wrongly.
  See also
  *[[cannot connect after upgrading firefox]]
  *[[options window - advanced panel]]
  * [[error loading web sites]]

• My computer will, at random times, almost or completely go into screensaver mode, and either go black for a few seconds, start my screensaver, or go directly to the 'log back in' screen.

  This happens when I'm literally DOING something, like typing or moving my mouse. When I'm in no way not doing anything on my computer. Any thoughts on why?
  Specs: Version 10.6.7, 2.13GHz Intel Core 2 Duo, 4 GB.

  This might sound silly, but I'd check your Exposé settings: System Preferences > Exposé & Spaces > Exposé
  It's just possible you've set up a hot corner to put your computer into sleep mode when the mouse wanders in that direction.
  Bob

• Can't log into db console (insufficient privileges error at log in screen).

  I have two system I just rebuilt and one server with same users and grants logs in fine, the other one gives me this error even on attempting to log in as sys as sysdba.
  I read that I had to grant select_catalog_role and select any dictionary, which I did and it still will not let me log in.
  OS:Linux AS4 update 8, Oracle 10g (10.2.0.4.0), attempting to log into dbconsole.
  Any advice would be great. Is there a way to stop dbconsole and restart it- will that work? Or shutdown the database and restart???

  my sysman user account was locked- I unlocked it and now I am fine.