11-17-2005 11:45 AM
I have successfully deployed the CSS with TACACS authentication. So far I can get both privileged and non-privileged users (show commands) but nothing in between. WEBNS can successfully differentiate between the different user levels as well.
We need to be able to have data center operators suspend or activate services upon request without the risk of them mistakenly making other changes.
How do I give them controlled access to do this? I have not had success with including additional commands in the TACACS command set. If I include configure in the command set, the user ends up in a login loop because they are not privileged.
11-18-2005 06:35 AM
You will need to set up shell commands. I did this by setting up Network groups and User groups.
To set up Command authorization you can look here:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp33/user/c.pdf
Here is the entire user guide for the TACACS:
http://cisco.com/application/pdf/en/us/guest/products/ps5927/c2001/ccmigration_09186a00803a9cbb.pdf
11-18-2005 10:52 AM
Thanks. The command authorization provided more insight.
I did get a more granular set of command controls that work in telnet sessions, but WEBNS seems to ignore the command set, providing the user with more privileges than they get on the command line.
I've opened a TAC case on this and have not heard back on it yet.