[c-nsp] Cisco & Tacacs+

Junaid junaid.x86 at gmail.com
Fri Dec 14 16:15:18 EST 2007


Hi David,

Try this in your AAA configs:

aaa authorization config-commands

Regards,

Junaid.

On Dec 13, 2007 12:28 AM, DAVID Sébastien <sdavid at ecritel.net> wrote:
>
>
> Yes, I have enabled the aaa commands:
>
> aaa new-model
> aaa authentication login telnet group tacacs+ enable
> aaa authentication login console group tacacs+ enable
> aaa authentication enable default group tacacs+ enable
> aaa authorization exec default group tacacs+ if-authenticated none
> aaa authorization commands 1 default group tacacs+ none
> aaa authorization commands 15 default group tacacs+ none
> aaa accounting exec default start-stop group tacacs+
> aaa accounting connection default start-stop group tacacs+
> aaa accounting system default start-stop group tacacs+
>
> My user can enter configure mode and has access to all commands. I'd like to restrict it to configuring an interface, for example to set speed, duplex ....
>
> Thanks
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: Wednesday, December 12, 2007 12:27
> To: DAVID Sébastien; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Cisco & Tacacs+
>
>
> DAVID Sébastien <> wrote on Tuesday, December 11, 2007 8:56 AM:
>
> > Hi,
> >
> >
> >
> > I'm trying to set up my network with a tacacs server based on debian
> > for authentication.
> >
> > Everything works correctly, but I am having difficulty limiting the
> > commands in configure mode
>
> What does your aaa config look like? Did you enable "aaa authorization commands 15 ..." and "aaa authorization config-commands"? You can check debug via "debug aaa author" to see what's happening.
>
>         oli
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
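
An added example (not part of the original messages): a small Python check that reads the command-authorization lines quoted in this thread and reports whether `aaa authorization config-commands` is present and which command lists end in the `none` method. The names `audit_aaa`, `POSTED` and `CMD_AUTHZ` are assumptions made for illustration.

```python
import re

# Constructed sample: the command-authorization lines quoted in the thread.
POSTED = """\
aaa new-model
aaa authorization exec default group tacacs+ if-authenticated none
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
"""

CMD_AUTHZ = re.compile(r"aaa authorization commands (\d+) (\S+) (.+)$")

def audit_aaa(config: str) -> dict:
    """Report command-authorization coverage found in IOS AAA lines."""
    levels = {}              # (privilege level, list name) -> methods
    config_commands = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "aaa authorization config-commands":
            config_commands = True
        elif (m := CMD_AUTHZ.match(line)):
            levels[(int(m.group(1)), m.group(2))] = m.group(3).split()

    findings = []
    if not any(lvl == 15 for lvl, _ in levels):
        findings.append("no 'aaa authorization commands 15' list")
    if not config_commands:
        # The line both replies in this thread point to.
        findings.append("'aaa authorization config-commands' is absent")
    for (lvl, name), methods in sorted(levels.items()):
        # 'none' as the last method means no authorization is performed
        # when the TACACS+ group does not respond.
        if methods[-1] == "none":
            findings.append(f"commands {lvl} list '{name}' ends in 'none'")
    return {"config_commands": config_commands, "findings": findings}

if __name__ == "__main__":
    for title, cfg in (("as posted", POSTED),
                       ("with suggested line", POSTED + "aaa authorization config-commands\n")):
        print(title)
        for f in audit_aaa(cfg)["findings"]:
            print("  -", f)
```

Whether the trailing `none` is acceptable is a site decision: it keeps the device manageable during a TACACS+ outage at the cost of unchecked commands for that period.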

