https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628762#M266366 <P>I'm a complete noob to ACS, and not strong in the AAA department.&nbsp; I'm trying to implement command sets for helpdesk trouble shooting.</P><P></P><P>I didn't setup the ACS server so I'm assuming that it was setup correctly.</P><P></P><P>As it stands, the people that need ro login into remote devices, can and have access.</P><P></P><P>I have two problems.</P><P></P><P>1) No matter what I do, my test user always logs in with the privilege 15 shell.&nbsp; It doesn't matter what I do to the group in the authorization area of the Access Policies, level 15 privilege.</P><P></P><P>2)&nbsp; When I apply the aaa authorization command 1 default group tacacs+ to my test AP, every account fails with commands at that privilege level.&nbsp; Same for level 0 and level 15.&nbsp; The command sets I have configured never even enter the picture.</P><P></P><P>My test authorization policy for my test user is setup correctly, mapped to the correct AD group, and has the command set applied.</P><P></P><P>If anyone has a clue, let me know and I'll supply more information.</P> Mon, 11 Mar 2019 00:48:00 GMT lkqciscotech 2019-03-11T00:48:00Z https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628762#M266366 <P>I'm a complete noob to ACS, and not strong in the AAA department.&nbsp; I'm trying to implement command sets for helpdesk trouble shooting.</P><P></P><P>I didn't setup the ACS server so I'm assuming that it was setup correctly.</P><P></P><P>As it stands, the people that need ro login into remote devices, can and have access.</P><P></P><P>I have two problems.</P><P></P><P>1) No matter what I do, my test user always logs in with the privilege 15 shell.&nbsp; It doesn't matter what I do to the group in the authorization area of the Access Policies, level 15 privilege.</P><P></P><P>2)&nbsp; When I apply the aaa authorization command 1 default group tacacs+ to my test AP, every account fails with commands at that privilege level.&nbsp; Same for level 0 and level 15.&nbsp; The command sets I have configured never even enter the picture.</P><P></P><P>My test authorization policy for my test user is setup correctly, mapped to the correct AD group, and has the command set applied.</P><P></P><P>If anyone has a clue, let me know and I'll supply more information.</P> Mon, 11 Mar 2019 00:48:00 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628762#M266366 lkqciscotech 2019-03-11T00:48:00Z https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628763#M266367 <HTML><HEAD></HEAD><BODY><P>have checked the privilege level of the user in your ACS? If it has level 15 that will explain things. </P></BODY></HTML> Fri, 04 Feb 2011 21:17:33 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628763#M266367 PAUL GILBERT ARIAS 2011-02-04T21:17:33Z https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628764#M266368 <HTML><HEAD></HEAD><BODY><P>Not sure how.&nbsp; ACS is AD integrated.&nbsp; There are no internal users setup.</P></BODY></HTML> Fri, 04 Feb 2011 21:26:54 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628764#M266368 lkqciscotech 2011-02-04T21:26:54Z https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628765#M266369 <HTML><HEAD></HEAD><BODY><P>I think on this version there is a tab where the users are created. There you might also see the dynamically added users when there is a AD. I don't remember well on this version.</P></BODY></HTML> Fri, 04 Feb 2011 21:39:05 GMT https://community.cisco.com/t5/network-access-control/acs-5-1-command-sets-shells-and-other-stuff/m-p/1628765#M266369 PAUL GILBERT ARIAS 2011-02-04T21:39:05Z