[cisco-nas] managing users' privileges with local database

Pierre Nepveu pnepveu at videotron.net
Wed Sep 28 12:39:22 EDT 2005


On 2005-09-27 at 15:26, Aaron Leonard wrote:

AL> Sorry, no way to impose a limit on the number of exec logins
AL> for a locally authenticated user.  (user-maxlinks is useful
AL> only for PPP links.)

Thanks for the reply, Aaron.

"I think" user-maxlink may be the answer! This is what I want to do: I want
to limit the number of dial-up users to 3 for a special case, using only one
user-id. I thought of creating a special phone number, pointing this number into
a specific box and using some special trick of the local database to limit the
number of sessions to 3.

From memory, user-maxlink is intended to limit the number of links in a
multi-link PPP. However, would it also do the trick in my scenario (3 different
sessions, all using the same userID)?

-------------------------------------------------------------------
Pierre Nepveu, CCNP                    tel: +1 514.380-4289
Architecte - Reseau commute                 +1 888.INFOVTL x 4289
Ingenierie / Telephonie                fax: +1 514 899-8452
Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
-------------------------------------------------------------------



AL> 
AL> Here's what you get for a local username:
AL> 
AL> as5200(config)#username fred ?
AL>   access-class         Restrict access by access-class
AL>   autocommand          Automatically issue a command after the user logs in
AL>   callback-dialstring  Callback dialstring
AL>   callback-line        Associate a specific line with this callback
AL>   callback-rotary      Associate a rotary group with this callback
AL>   dnis                 Do not require password when obtained via DNIS
AL>   nocallback-verify    Do not require authentication after callback
AL>   noescape             Prevent the user from using an escape character
AL>   nohangup             Do not disconnect after an automatic command
AL>   nopassword           No password is required for the user to log in
AL>   password             Specify the password for the user
AL>   privilege            Set user privilege level
AL>   user-maxlinks        Limit the user's number of inbound links
AL>   <cr>
AL> 
AL> Privilege, autocommand and access-class are perhaps the
AL> most generally useful ones in this case.
AL> 
AL> Regards,
AL> 
AL> Aaron
AL> 
AL> ---
AL> 
AL> >hello,
AL> >
AL> >my machine :
AL> >IOS (tm) 5200 Software (C5200-IS-L), Version 11.3(11b)T3
AL> >
AL> >my goal: create a local user in order to supersede TACACS (I've already got:
AL> >aaa authentication login default local tacacs+ enable) and give parameters to
AL> >that user.  What I'm mostly interested in is to limit the number of simultaneous
AL> >sessions to 3 (let's say).
AL> >
AL> >Is this feasible at all, to start with ?
AL> >Is there a guide on how to do this (with other parameters I could set) ?
AL> >
AL> >Thanks !
AL> >
AL> >-------------------------------------------------------------------
AL> >Pierre Nepveu, CCNP                    tel: +1 514.380-4289 
AL> >Architecte - Reseau commute                 +1 888.INFOVTL x 4289
AL> >Ingenierie / Telephonie                fax: +1 514 899-8452
AL> >Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
AL> >-------------------------------------------------------------------
AL> >
AL> >
AL> >
AL> >_______________________________________________
AL> >cisco-nas mailing list
AL> >cisco-nas at puck.nether.net
AL> >https://puck.nether.net/mailman/listinfo/cisco-nas
AL> >  
AL> >
AL> 




