Ok here is what's happening now
(Telneted in and did the following)
....

Test1#reload in 000:20
Reload scheduled in 20 minutes
Proceed with reload? [confirm]
Test1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Test1(config)#aaa new-model
Test1(config)#tacacs-server host 10.x.xx.xx single-connection
Test1(config)#tacacs-server key _xxxxxx_xxxxxxx_xxxx_
Test1(config)#tacacs-server timeout 20
Test1(config)#
Test1(config)#aaa authentication login default
Test1(config)#aaa authentication enable default tacacs+
Test1(config)#
Test1(config)#line vty 0 4
Test1(config-line)#login authentication default
Test1(config-line)#exit
Test1(config)#line con 0
Test1(config-line)#login authentication default
Test1(config-line)#exit
Test1(config)#
Test1(config)#aaa authorization network default tacacs+
Test1(config)#aaa authorization exec default tacacs+ if-authenticated
Test1(config)#aaa authorization commands 15 default tacacs+ if-authenticated
Test1(config)#aaa authorization config-commands
Command authorization failed.

Test1(config)#exit
Test1#exit

User Access Verification

Username: bakerd
Password:
% Authorization failed.

That's straight out of HyperTerminal
The following is the ACS's version of what happened

08/04/2004 16:25:11 Authen OK bakerd Global 10.x.xx.xxx tty2 10.x.xx.x
08/04/2004 16:25:11 Author failed bakerd Global 10.x.xx.xxx .. Service denied service=shell cmd* tty2 10.x.xx.x


I'm sorry to take so much of your time but do you see what I could be missing?