topic David, in Network Security

Read-Only user in ASDM

David Babiano Rodriguez — Tue, 12 Mar 2019 07:27:35 GMT

Hi to all,

I have one user with Read-Only privileges (level 5). When I try to access to the device via ASDM, the launcher opened the dashboard but when the ASDM is parsing the configuration, the application ask me the credentials one more time. If I use the read-only user the authentication doesn't work, if I use the admin user, I can see the config but I can't modify this.... Is there anyway for enter with the level 5 user only???

Thanks in advance

Regards
David.

Hello David,

alpaezca — Wed, 09 Mar 2016 22:16:28 GMT

Hello David,

What is the AAA configuration on the ASA?

Hi Alejandra,I don't know if

David Babiano Rodriguez — Fri, 11 Mar 2016 08:39:57 GMT

Hi Alejandra,

I don't know if this helps you... When I try to access via ASDM, the ASA answers me: "You are not allowed to modify ASA configuration, because you do not have sufficient privileges." then the ASA asks me the network password. So if I enter the admin password I can see the config, if I use the RO user, the ASA doesn't grant access.

I'm trying to solve this configuring the next command: "privilege show level 5 mode exec command asdm".... Is correct this command??

The aaa configuration is the next:

aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host Radius
aaa-server ACS protocol radius
aaa-server ACS (inside) host 172.X.X.220
aaa-server ACS_V5 protocol radius
aaa-server ACS_V5 (inside) host 172.X.X.65
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
a09c9bfd 3da0cbb6 b24c3a63 4439dcf5 151d742b aaa8a754 c72e3325 92920de7
authentication aaa certificate
authentication aaa certificate
authentication aaa certificate
authentication aaa certificate
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode configure command aaa-server

Thanks in advance!!!

Regards,
David.

Hello Davis,

alpaezca — Sat, 12 Mar 2016 23:27:20 GMT

Hello Davis,

I can see you are using local authentication for SSH and Telnet, but you would need to add http authentication as well.

aaa authentication http console LOCAL.

Let me know your comments

Hi Alejandra,

David Babiano Rodriguez — Tue, 15 Mar 2016 15:07:28 GMT

Hi Alejandra,

I have tested this command but it doesn't solve my problem... The ASA follow asking me the credentials and, if I use the level 5 user, the ASA doesn't let me see the device configuration.....

Can you help me???

Thanks in advance.

Regards.

David.

David,

alpaezca — Thu, 31 Mar 2016 21:05:58 GMT

David,

Can you please send me the output of the command: show running | inc privileges