[c-nsp] user privilege question cisco asa
dalton
daltons at panix.com
Mon Aug 29 14:40:27 EDT 2011
Hi again.
So I put this config in place on a backup ASA, but it does seem to work, wondering what I'm missing here?
config below:
lw-vpn2# sh run | inc privilege
username privtest password XXXXXXXXXXXXXXXXX encrypted privilege 12
privilege cmd level 12 mode configure command username
privilege clear level 12 mode configure command username
When I connect as this user and do show curpriv, it shows:
lw-vpn2> show curpriv
Username : privtest
Current privilege level : 1
Current Mode/s : P_UNPR
Any thoughts or ideas, greatly appreciated!
Thanks!
Dalton
On Sun, Aug 28, 2011 at 02:41:09AM -0400, dalton wrote:
>
> Hi,
>
> I have an ASA 5510 with a bunch of local users for VPN. What I am looking to do is to allow one of these users, let's say bob, to create users as well as reset user passwords, but nothing else.
> I have read through some docs, and I think I get it, but just want to confirm before implementing on a live ASA.
>
> I create a privilege group with the relevant commands assigned to it. Something like:
>
> privilege cmd level 12 mode configure command username
> privilege clear level 12 mode configure command username
>
> then create a user assigned to this priv level
>
>
> username bob password asdasdsa privilege 12
>
> Is this correct? Will this configuration allow user bob to create users as well as clear them? Or am I missing something?
> I also don't want to do anything that will affect the current operations of the ASA, as it is live and in production (i.e. lock myself out or some such).
>
> Thanks in advance for any help.
>
> Regards,
> Dalton
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/