[c-nsp] user privilege question cisco asa

dalton daltons at panix.com
Mon Aug 29 14:40:27 EDT 2011



Hi again.

So I put this config in place on a backup ASA, but it doesn't seem to work; wondering what I'm missing here?
config below:

lw-vpn2# sh run | inc privilege
username privtest password XXXXXXXXXXXXXXXXX encrypted privilege 12
privilege cmd level 12 mode configure command username
privilege clear level 12 mode configure command username

When I connect as this user and do show curpriv, it shows:

lw-vpn2> show curpriv 
Username : privtest
Current privilege level : 1
Current Mode/s : P_UNPR

Any thoughts or ideas, greatly appreciated!

Thanks!
Dalton

On Sun, Aug 28, 2011 at 02:41:09AM -0400, dalton wrote:
> 
> Hi,
> 
> I have an ASA 5510 with a bunch of local users for VPN. What I am looking to do is to allow one of these users, let's say bob, to create users as well as reset user passwords, but nothing
> else. I have read through some docs, and I think I get it, but just want to confirm before implementing on a live ASA.
> 
> I create a privilege group with the relevant commands assigned to it. Something like:
> 
> privilege cmd level 12 mode configure command username
> privilege clear level 12 mode configure command username
> 
> then create a user assigned to this priv level
> 
> 
> username bob password asdasdsa privilege 12
> 
> Is this correct? Will this configuration allow user bob, to create users as well as clear them? Or am I missing something?
> I also don't want to do anything that will affect the current operations of the ASA, as it is live and in production (i.e. lock myself out or some such).
> 
> Thanks in advance for any help.
> 
> Regards,
> Dalton
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
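An added sanity check, not from the thread: a small Python audit of a running-config excerpt that lists, for each local user above level 1, which commands are granted at that level and which AAA lines are absent. It assumes (ASA local command authorization behaviour, not stated in this thread) that a user's configured level only governs commands once `aaa authorization command LOCAL` is set and the session has reached that level via `enable` (with `aaa authentication enable console LOCAL`) or `login`; a plain SSH login otherwise sits at level 1, like the `show curpriv` output above.

```python
import re
from dataclasses import dataclass, field

# Lines a local privilege-level delegation needs before the level is applied
# to a logged-in session (assumption from ASA local command authorization
# behaviour; the thread itself does not state this).
REQUIRED_AAA = (
    "aaa authorization command LOCAL",
    "aaa authentication enable console LOCAL",
)
USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)$")
PRIV_RE = re.compile(r"^privilege (cmd|clear|show) level (\d+) mode (\S+) command (\S+)$")


@dataclass
class Finding:
    user: str
    level: int
    commands: list = field(default_factory=list)     # commands granted at this level
    missing_aaa: list = field(default_factory=list)  # required AAA lines still absent


def audit(config: str) -> dict:
    """Return one Finding per local user configured with privilege > 1."""
    users, privs, seen = {}, {}, set()
    for raw in config.splitlines():
        line = raw.strip()
        seen.add(line)
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := PRIV_RE.match(line):
            privs.setdefault(int(m.group(2)), []).append(
                f"{m.group(1)} {m.group(3)} {m.group(4)}")
    missing = [a for a in REQUIRED_AAA if a not in seen]
    return {u: Finding(u, lvl, privs.get(lvl, []), missing)
            for u, lvl in users.items() if lvl > 1}


# Constructed sample: the thread's three config lines, then the same plus AAA.
WEAK_CONFIG = """\
username privtest password XXXXXXXXXXXXXXXXX encrypted privilege 12
privilege cmd level 12 mode configure command username
privilege clear level 12 mode configure command username
"""
HARDENED_CONFIG = WEAK_CONFIG + "\n".join(REQUIRED_AAA) + "\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for finding in audit(cfg).values():
            print(name, finding)
```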
