[c-nsp] PIX or ASA Privilege level access issue

David White, Jr. (dwhitejr) dwhitejr at cisco.com
Fri Nov 19 09:29:53 EST 2010


Hi Edward,

It sounds like you are missing the following line in your configuration:
   aaa authorization exec authentication-server

Issue "show curpriv" after the user logs in to verify they are assigned
the correct privilege level from the RADIUS server.

Sincerely,

David.

Edward Iong wrote:
> Dear All,
>  
> We have encountered an issue as we assign privilege levels in PIX or ASA with Microsoft IAS server.
> We plan to set RO and RW access for users to have different privilege levels to access Cisco devices.
> We have tested that Switch and Router do not have the RO (router>) non-privilege level issue. But in ASA/PIX, a user account which is in the RO group, which has set "shell:priv-lvl=1 or 5", can access the privilege mode (prompt is router#).
> itestmo is a RO group
> From PIX or ASA.
> "
> Username: ittestmo
> Password: *******
> Type help or '?' for a list of available commands.
> MOOFFW01> EN
> Password: *******
> MOOFFW01#
> "
> From Switch or router
> "
> User Access Verification
> Username: ittestmo
> Password:
> MOOFSW01>EN
> Password:
> % Access denied
> MOOFSW01>
> "
> Could anyone let me know how to use this issue?
>  
> Thanks and Regards,
>  
> Edward

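An added example, not part of the original thread: a Python check over a saved ASA/PIX configuration that flags management logins authenticated against a server group when the `aaa authorization exec authentication-server` line named in the reply is absent. The sample configuration, the server-group name `IAS-RADIUS` and the function name are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); IAS-RADIUS is a hypothetical group name.
SAMPLE_CONFIG = """\
aaa-server IAS-RADIUS protocol radius
aaa-server IAS-RADIUS (inside) host 192.0.2.10
aaa authentication ssh console IAS-RADIUS LOCAL
aaa authentication telnet console IAS-RADIUS LOCAL
aaa authentication enable console IAS-RADIUS LOCAL
"""

# Login methods that open a CLI session on the firewall.
LOGIN_RE = re.compile(
    r"^aaa authentication (?P<method>ssh|telnet|serial) console (?P<group>\S+)"
)
# The line that makes the firewall apply the server's exec authorization result.
EXEC_AUTHZ_RE = re.compile(r"^aaa authorization exec authentication-server\b")


def audit_exec_authorization(config):
    """Return (method, server_group) pairs whose logins are authenticated
    remotely while exec authorization from that server is not enabled."""
    remote_logins = []
    exec_authz = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", ":")):
            continue  # skip blanks and comment/banner lines
        if EXEC_AUTHZ_RE.match(line):
            exec_authz = True
        m = LOGIN_RE.match(line)
        # LOCAL as the primary method means no remote server is consulted.
        if m and m.group("group") != "LOCAL":
            remote_logins.append((m.group("method"), m.group("group")))
    return [] if exec_authz else remote_logins


if __name__ == "__main__":
    for method, group in audit_exec_authorization(SAMPLE_CONFIG):
        print(f"{method}: authenticated via {group}, but "
              "'aaa authorization exec authentication-server' is missing")
```

After adding the line, confirm the result on the device with `show curpriv`, as described in the reply.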