[c-nsp] Cisco & Tacacs+
DAVID Sébastien
sdavid at ecritel.net
Wed Dec 12 14:28:42 EST 2007
Yes, I have enabled the aaa commands:
aaa new-model
aaa authentication login telnet group tacacs+ enable
aaa authentication login console group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
My user can enter configure mode and has access to all commands. I'd like to restrict it to configuring an interface, for example to set speed, duplex ....
Thanks
-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
Sent: Wednesday, December 12, 2007 12:27
To: DAVID Sébastien; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco & Tacacs+
DAVID Sébastien <> wrote on Tuesday, December 11, 2007 8:56 AM:
> Hi,
>
> I'm trying to set up my network with a tacacs server based on debian
> for authentication.
>
> Everything works correctly but I am having difficulty limiting the
> commands in configure mode
What does your aaa config look like? Did you enable "aaa authorization commands 15 ..." and "aaa authorization config-commands"? You can check debug via "debug aaa author" to see what's happening.
oli
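
Added example, not part of the original thread and not either poster's code: a small Python check run over the AAA lines posted above, reporting whether the "aaa authorization config-commands" line the reply asks about is present and which command-authorization lists end in "none". The function name audit_aaa and the finding texts are assumptions of this example.

```python
import re

# The AAA lines as posted in the message above, used as sample input.
POSTED_CONFIG = """\
aaa new-model
aaa authentication login telnet group tacacs+ enable
aaa authentication login console group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
"""

CMD_AUTHZ = re.compile(r"aaa authorization commands (\d+) (\S+) (.+)")


def audit_aaa(config):
    """Return findings about IOS command authorization (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("aaa ")]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    levels = {}
    for line in lines:
        m = CMD_AUTHZ.match(line)
        if m:
            levels[int(m.group(1))] = m.group(3).split()
    if 15 not in levels:
        findings.append("no 'aaa authorization commands 15' line found")
    # This is the line the reply asks about: it applies command
    # authorization to commands entered in configuration mode.
    if not any(l.startswith("aaa authorization config-commands") for l in lines):
        findings.append("no 'aaa authorization config-commands' line found")
    # A trailing 'none' method lets every command through when no
    # TACACS+ server answers.
    for level, methods in sorted(levels.items()):
        if methods[-1] == "none":
            findings.append(f"level {level} falls back to 'none' when TACACS+ is unreachable")
    return findings


if __name__ == "__main__":
    for finding in audit_aaa(POSTED_CONFIG):
        print("-", finding)
```
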