Authorization failure in GSS

Hi all,
I have configured a Cisco GSS for AAA using TACACS.
The Cisco GSS is version 3.0(2) and the ACS server is 4.2(0) build 124
I have a configuration storage application which connects to devices and download the configuration. This is working for all cisco devices by defining a username with privilege-level 15 in the TACACS and only allowing that user to run "show commands".
The problem I found with the Cisco GSS is that if you specify anything in the "shell command authorization set", once the user logs into the GSS and try to "enable", it says "Authorization failed. Admin privilege required."
I tried another option by limiting the source IP for that user and the group of devices it could access to with per-user NAR restrictions and without "shell command authorization set" restrictions but the behavior is the same: If NAR is applied, the user is not able to "enable" receiving "Authorization failed. Admin privilege required." but if I disable NAR, and try to "enable" I get the # prompt without any problem.
Do you know if there is any way to allow a restricted TACACS user access to the enable mode in the Cisco GSS?
Best regards
//Miguel

Hi,
Thank you very much for your support.
But still i'm getting the same error. I read in one site the below step(Marked as Bold), This could be the reason why the error is occurring..
But I don't know how to check, If any one know about the below step, let me know.
Depending upon the function security options set up by your system administrator, you might be able to create, format, and approve Automatic receipt batches in one step.
Thanks and Regards,
Muthu

Similar Messages

  • 910 application authorization failure blackberry

    hi all im new to here and looking for some help i have just got a sceond hand bb and it dint have appworld on it so when i tryed to download it it came up with this 910 application authorization failure and am not sure y can anybody help me out thanks
    lee

    Hello leewilliam88
    Welcome to the Community
    From the Error message it seems that an IT policy has been enabled on the Device.As you had brought it second hand  to resolve the problem you had to remove the IT policy from the device .So to do that follow this Knowledge Base :
    KB14202 : How to remove an IT policy from a BlackBerry Device.
    Try any of the Method suggested in Knowledge Base to remove the IT policy from the device.Additional Information regarding the error :KB12230
    I hope it will Resolve your problem.
    Prince
    Click " Like " if you want to Thank someone.
    If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it.
    Click " Like " if you want to Thank someone.
    If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it.

  • "Create PDF from Web Page" Yields Authorization Failure

    Acrobat 9 Pro Extended running on Windows XP Service Pack 3:
    When using "Create PDF from Web Page," certain linked pages result in an "Authorization Failure" error message. Is there any way to instruct Acrobat to disregard pages that are not downloadable and continue creating the PDF?

    I am having the same issue AND none of my pages or files require a UserID or Password. My issue appears to be something with the domain because a and b work just fine and produce a PDF file while item c does not work and produces the error msg.
    http://www.dot.wi.gov/projects/neregion/151/index.htm works just fine and produces a PDF file.
    http://www.dot.state.wi.us/projects/neregion/151/index.htm works just fine and produces a PDF file.
    http://www.wisconsindot.gov/projects/neregion/151/index.htm produces an error msg. ‘Nothing done’.Error info. - Authorization Failure    http://www.wisconsindot.gov/projects/neregion/151/index.htm
    [email protected]

  • Create PDF From Web Page - Authenticated SharePoint Sites generate "Authorization Failure" error

    We have several authenticated sharepoint sites on our intranet, and we are trying to create a PDF of a site (x levels down) using the Acrobat create PDF from web page feature.  When you try to create a PDF from a non-sharepoint, authenticated website, a login prompt appears asking for login credentials.  However, when you try to use the same feature on an authenticated sharepoint site, you do not get prompted for credentials and instead get an Authorization Failure error.  the popup says "Error: Nothing Done".  We have successfully PDF'd anonymous sharepoint sites on the WWW.  Has anyone successfully PDF'd an authenticated SharePoint site? 
    Thanks in advance,
    -Richard.

    I am having the same issue AND none of my pages or files require a UserID or Password. My issue appears to be something with the domain because a and b work just fine and produce a PDF file while item c does not work and produces the error msg.
    http://www.dot.wi.gov/projects/neregion/151/index.htm works just fine and produces a PDF file.
    http://www.dot.state.wi.us/projects/neregion/151/index.htm works just fine and produces a PDF file.
    http://www.wisconsindot.gov/projects/neregion/151/index.htm produces an error msg. ‘Nothing done’.Error info. - Authorization Failure    http://www.wisconsindot.gov/projects/neregion/151/index.htm
    [email protected]

  • How to configure CCMS alert to monitor Authorization failures?

    Dear All,
    How to configure CCMS alert to monitor Authorization failures?
    Thanks
    Ashok

    Hello,
    in case you have not yet set up your monitoring infrastructure, the following link will provide you with the information needed:
    http://service.sap.com/monitoring
    If everything is set up (Agents are installed and connected to your central monitoring system, ...) you can go to transaction RZ21, select Technical Infrastructure - Configure Central System - Assign Central Autoreactions to set up your alerts.
    For the Update errors use the MTE CLass AbapErrorInUpdate. For the Lock please use the search Option.
    Regards
    Christian
    Edited by: Christian Rose on Apr 25, 2011 7:59 PM

  • Authorization Failure Redirect URL in OAM

    Hi,
    From OAM policies i want to redirect a user to Authorization Failure page by configuring redirect URL for Authorization Failure. But user is always redirected to OAM operation error page (with an error message that URL .. has been denied for the user) in case of Authorization Failure..How to redirect the user to my AuthFail.html page ? I am able to redirect the user to AuthenticationFailure page incase of authentication failure..but not able to redirect in case of authorization failure..how to achieve this?
    Thanks & Regards,
    Srikanth

    Hi,
    I am new to OAM and facing the same error in Authz Rule. Did your issue get resolved?
    When I tested the URL with access tester for authz failure scenario, I got Authorized Inconclusive.
    I do understand if I mention the AuthFail.html in the redirection URL Authz Inconclusive, the user would be able to see the appropriate error page. But I wanted to understand the reason for authz getting into inconclusive condition. Can someone provide me clarity on this?
    Thanks!

  • ACS + Device Authorization Failure

    Good Afternoon:
    I hoping someone can help me out... I have an ACS configured with a group that is setup for admins. This group is mapped to an AD group. This is setup correctly. On each network device are the commands:
    aaa authorization exec default group tacacs+ if-authenticated
    I can create a local user and place them into the aformentioned group and the TACACs authentication and authorization work fine. However, I cannot use that same local group mapped to a AD group and a user in that group. It passes authentication but I get an authorization failure in my logs (ACS) and a authorization failed message on the device.
    Any ideas?
    Thanks!

    ACS has extensive logging capabilities that allow an administrator to troubleshoot any issue pertaining to the ACS server itself (for example, replication) or an AAA request problem (for example, an authentication problem) from NAS.
    Refer the following url for more info on troubleshooting ACS:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_Trble.html

  • Radius Authorization failure

    I have defined Radius proxy on csg2 to external radius server, but pdp fails with Authorization failure message on GGSN and on Csg2 debut log I see “SAMI 3/3: Nov 23 15:11:43.937: RADIUS: Dropping the unsolicited RADIUS packet”

    IAS server might be incorrect Radius Attribute to the router.ou can find an example of the RADIUS attributes required at the end of
    'Configuring Authentication Proxy' at http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804ad9bc.html#wp1002138

  • RME 4.1.1 - PSIRT and EoS/EoL reports authorization failure

    Hello group,
    I have RME 4.1.1 installed and I am attempting to generate either a PSIRT or an End Of Sale/End Of Life report. I start the report from RME->Reports->Report Generator and input all the appropriate information (CCO user/pass, email, etc) and then click "Finish". I get the popup that says to get Report Jobs for the status of the report, and as fast as I can navigate to Report Jobs I see that the job failed.
    So I check invreports.log and this line stands out in particular:
    [ Fri Oct 01  13:45:38 CDT 2010 ],ERROR,[main],com.cisco.nm.rmeng.inventory.reports.job.JobExecutor,runReport,773,Authorization failure for ajschroedercom.cisco.nm.rmeng.util.NotAuthorizedUserException: ajschroeder
    I do have my Ciscoworks server integrated with ACS, so I reregistered my apps with ACS, and restarted ACS and Daemon Manager with no luck, I even applied the patch described in the following doc: https://supportforums.cisco.com/docs/DOC-9080
    I am confident that I am missing something, but I have no idea what. I have attached my invreports.log
    As always, any help would greatly be appreciated,
    AJ Schroeder

    This is CSCsm77700 which is fixed in RME 4.2.  I highly recommend you download the upgrade to LMS 3.2 from http://www.cisco.com/go/nmsevals .  However, a patch is available for RME 4.1.1 if you contact TAC.
    http://wwwin.cisco.com/ios/cets/pdi/cbms/cdets/legend.shtml

  • My tablet got authorization failure when I want to open book

    the book that i downloaded on bookshop opened on my PC,but shows authorization failure on my tablet.what to do?

    Hi Zannat,
    Don't get scared. Cookies are the small file which stores your settings for a website, such as location details, login details, language details and so..
    Some sites don't care about your cookies settings but some other sites instructs you to enable cookies in your browser. Enabling cookies is too easy.
    Just follow the instructions which explained [[Enable and disable cookies that websites use to track your preferences |here]] .
    Thank you!!!

  • SMS through Midlet -- Authorization Failure

    Hi,
    I have written a small Midlet that sends an SMS. When I run the MIDlet in Wireless Tool Kit , I am getting "OTA Error Code (49) - Application authorization failure. [javax.microedition.io.Connector.sms]".
    I have added the permission for "javax.microedition.io.Connector.sms". I don't know what's else to do.
    Could some please help!!!
    Thanks,
    Anuja

    Hi,
    I have written a small Midlet that sends an SMS. When I run the MIDlet in Wireless Tool Kit , I am getting "OTA Error Code (49) - Application authorization failure. [javax.microedition.io.Connector.sms]".
    I have added the permission for "javax.microedition.io.Connector.sms". I don't know what's else to do.
    Could some please help!!!
    Thanks,
    mitesh

  • RAC -- CRS-0254: authorization failure

    Hi,
    i m trying to start 1 instance in rac env using srvctl command i m getting following error.
    CRS-0254: authorization failure

    Hi Pawell,
    I am not sure whether your problem has been resolved or not.
    But unfortunately even we are facing the same issue. Till today morning everything was fine. Suddenly users started complaining that they can't connect to the database.
    When we tried log into database using sqlplus command it gave us TNS:protocol Adapter error which is weird. (every service relates to oracle and cluster are running from windows services and even when we checked crs_stat -t ==> all the services are up and running)
    and when we tried to stop the services on the cluster level it gave us CRS-254 which is authorization failure.
    Though restarting the server fixed the problem as of at this moment, We don't really know what caused that problem.
    If your problem has been resolved can you give me some information in relates to this.
    Regards
    Balaji

  • Sims 3 "Disc Authorization Failure" error?

    Can't play Sims 3 because of a "Disc Authorization Failure" error, tried everything I could find on goole to fix it with no success. Any ideas what to do to fix this issue?

    Hello
    > What else is to do?
    This was already being asked here in the forum so follow the link posted by Jimi.
    The user Chad posted a workaround and you should try. I didnt try this because I dont have SIMS 3 but on my friends notebook it worked!
    Check this!!
    Greets

  • CRS-0254:  authorization failure

    Hi,
    I have a Windows 2003 Server machine running on 2 nodes with Oracle DB 10.2.0.4
    When I try to stop one of the instances I get the following error:
    CRS-0254: authorization failure
    I am logged in with my domain user account which belongs to a domain-Admin group which in turn is attached to local-Admin group.
    On metalink I found Note 550849.1 which explains that the user who created DB and services must be the same as the user who installed the Oracle software. Now, the thing I don't understand is this:
    1. When I click on oracle.exe file Properties > Security tab > Advanced button > Owner tab I can see:
    Current owner of this item:
    Administrators (myserver\Administrators)
    2. However, when I check the permissions of the services with getperm:
    C:\oracle\product\10.2.0\crs\BIN>crs_getperm ora.RACDB.db
    Name: ora.RACDB.db
    owner:system:rwx,pgrp::---,other::r--,
    I can see system as the owner.
    Now, there is no SYSTEM user that I can see in my local accounts so the question is - what exactly is that SYSTEM owner coming from?

    Hi Pawell,
    I am not sure whether your problem has been resolved or not.
    But unfortunately even we are facing the same issue. Till today morning everything was fine. Suddenly users started complaining that they can't connect to the database.
    When we tried log into database using sqlplus command it gave us TNS:protocol Adapter error which is weird. (every service relates to oracle and cluster are running from windows services and even when we checked crs_stat -t ==> all the services are up and running)
    and when we tried to stop the services on the cluster level it gave us CRS-254 which is authorization failure.
    Though restarting the server fixed the problem as of at this moment, We don't really know what caused that problem.
    If your problem has been resolved can you give me some information in relates to this.
    Regards
    Balaji

  • ISCSI connection - authorization failure

    I've got an Equallogic SAN box.  All works fine, loads of volumes, 3 host servers access volumes etc etc.
    I'm trying to get a new server to connect to a target.  Another server can connect to it fine and all works.  I added the new server into the access policy, it sees the target, but i get "authorization failure" when I try to connect.
    Any ideas?

    Hi,
    Glad to hear it's now working, thanks for the feedback!
    Best Regards,
    Mandy
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Maybe you are looking for