[c-nsp] Problem with "username xxx privilege 15"

Dennis Peng dpeng at cisco.com
Fri Dec 3 18:59:01 EST 2004


Just to close on this issue, if "aaa new-model" is not configured, the
privilege level (and other per-user attributes you configured using
the "username" command) take effect without any extra
configuration. This is because our previous mode of operation was to
combine both the authentication and authorization phases. When "aaa
new-model" is configured, authentication and authorization are enabled
and configured separately, allowing for greater control, but this does
introduce some confusion, as evidenced by this thread.

Dennis

Dennis Peng [dpeng at cisco.com] wrote:
> Jim McBurnett [jim at tgasolutions.com] wrote:
> >  
> > 
> > -----Original Message-----
> > From: Dennis Peng [mailto:dpeng at cisco.com] 
> > Sent: Thursday, December 02, 2004 7:27 PM
> > To: Bob Tinkelman
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Problem with "username xxx privilege 15"
> > 
> > If AAA is enabled, you have to configure:
> > 
> > aaa authorization exec default local
> > 
> > Authorization applies the per-user attributes such as privilege-level.
> > 
> > Dennis
> > 
> > ---- 
> > This is not totally true-- on the new 2800 series at least it does not
> > have to have aaa auth for this to work!!!
> > 
> > I saw this on a 2811 Advanced IP Services VPN bundle...
> 
> Could you post the configuration please? Thanks.
> 
> Dennis
> 
> > J
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
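
Added example, not part of the original thread and not Cisco code: a small Python check over a saved configuration for the case discussed above, where "aaa new-model" is present and "username ... privilege N" lines exist but no "aaa authorization exec default ... local" line applies them. The function name and the sample configurations are constructed for illustration, and only the default exec method list is examined.

```python
import re

# Constructed sample configurations (not taken from the thread).
CONFIG_MISSING_AUTHZ = """\
aaa new-model
aaa authentication login default local
username admin privilege 15 secret 5 <hash-placeholder>
username oper privilege 5 secret 5 <hash-placeholder>
"""
CONFIG_WITH_AUTHZ = CONFIG_MISSING_AUTHZ + "aaa authorization exec default local\n"
CONFIG_NO_AAA = "username admin privilege 15 secret 5 <hash-placeholder>\n"

# Matches "username NAME ... privilege N" and captures NAME and N.
USERNAME_PRIV = re.compile(r"^username\s+(\S+)\s+.*?\bprivilege\s+(\d+)\b")


def audit_local_privilege(config: str) -> list[str]:
    """Return local usernames whose configured privilege level would not be
    applied at login, following the rule stated in the thread:
    - without "aaa new-model", per-user attributes take effect on their own;
    - with "aaa new-model", exec authorization with the local method is
      needed for them to be applied.
    Hypothetical helper; only the default method list is checked."""
    lines = [ln.strip() for ln in config.splitlines()]

    # Exact match so that "no aaa new-model" is not counted as enabled.
    aaa_enabled = any(ln == "aaa new-model" for ln in lines)

    # Methods follow the four leading keywords; "local" may appear anywhere
    # in the method list (fallback ordering is not evaluated here).
    exec_authz_local = any(
        ln.startswith("aaa authorization exec default ") and "local" in ln.split()[4:]
        for ln in lines
    )

    users = [m.group(1) for ln in lines if (m := USERNAME_PRIV.match(ln))]
    if not aaa_enabled or exec_authz_local:
        return []
    return users


if __name__ == "__main__":
    for name, cfg in [("missing authz", CONFIG_MISSING_AUTHZ),
                      ("with authz", CONFIG_WITH_AUTHZ),
                      ("no aaa", CONFIG_NO_AAA)]:
        print(f"{name}: privilege not applied for {audit_local_privilege(cfg)}")
```

As the reply quoted above notes, behavior was reported to differ on at least one platform, so a flagged username is a prompt to verify on the device rather than a definitive result.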

