https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145748#M124132 <P>So this may be a bit of a dumb question...</P><P></P><P>I stumbled upon an ASA today that is configured to authenticate against a Radius server for SSH and HTTPS connections. If I log in via SSH, I can't gain a privilege level of more than 1 (tried login command, etc).</P><P></P><P>However, if I log in with ASDM, I always have privilege level 15.</P><P></P><P>Command authorization is not enabled.</P><P></P><P>Is this default behavior. If so, why? Do I need to enable command authorization to override this behavior?</P><P></P><P>FYI, the system in question is running ASA 8.3(1)</P><P></P><P>Thanks much</P> Mon, 11 Mar 2019 03:04:58 GMT John LeCoque 2019-03-11T03:04:58Z https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145748#M124132 <P>So this may be a bit of a dumb question...</P><P></P><P>I stumbled upon an ASA today that is configured to authenticate against a Radius server for SSH and HTTPS connections. If I log in via SSH, I can't gain a privilege level of more than 1 (tried login command, etc).</P><P></P><P>However, if I log in with ASDM, I always have privilege level 15.</P><P></P><P>Command authorization is not enabled.</P><P></P><P>Is this default behavior. If so, why? Do I need to enable command authorization to override this behavior?</P><P></P><P>FYI, the system in question is running ASA 8.3(1)</P><P></P><P>Thanks much</P> Mon, 11 Mar 2019 03:04:58 GMT https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145748#M124132 John LeCoque 2019-03-11T03:04:58Z https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145749#M124133 <HTML><HEAD></HEAD><BODY><P>Can you please provide the AAA configuration</P></BODY></HTML> Fri, 22 Feb 2013 21:31:38 GMT https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145749#M124133 shekharmore003 2013-02-22T21:31:38Z https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145750#M124134 <HTML><HEAD></HEAD><BODY><P>aaa-server RADGR protocol radius</P><P>aaa-server RADGR host 10.2.2.2</P><P> timeout 4</P><P> key cisco123</P><P></P><P>aaa authentication enable console RADGR LOCAL</P><P></P><P>After logging in, use the enable command with your user password.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/partner/docs/security/asa/asa83/configuration/guide/access_management.html#wp1145571">http://www.cisco.com/en/US/partner/docs/security/asa/asa83/configuration/guide/access_management.html#wp1145571</A></P></BODY></HTML> Wed, 27 Feb 2013 08:05:26 GMT https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145750#M124134 Peter Koltl 2013-02-27T08:05:26Z https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145751#M124135 <HTML><HEAD></HEAD><BODY><P>In ASA you can't land directly to privilege exec mode after enetring your login password. You have to enter the enable password too. This is only designed for IOS where you can&nbsp; directly land to( # ) by-passing the enable passowrd mode.</P><P></P><P></P><P>Jatin Katyal <BR /> <BR /> <BR />- Do rate helpful posts -</P></BODY></HTML> Wed, 27 Feb 2013 09:34:39 GMT https://community.cisco.com/t5/network-access-control/asdm-privilege-level-default-15-for-radius-users/m-p/2145751#M124135 Jatin Katyal 2013-02-27T09:34:39Z