aaa authentication enable console SB_MGMT_NPAS LOCAL aaa authentication http console SB_MGMT_NPAS LOCAL aaa authentication ssh console SB_MGMT_NPAS LOCAL aaa authorization command LOCAL aaa authentication login-history
The problem I'm having is that I can't find a "aaa authorization" command syntax that will allow me to control the privilege level of SSH users. I have two levels of users setup in NPAS RADIUS based on group membership. Admin users are set for level 15 and auditors for level 3. Using debug on the ASA I can clearly see that RADIUS is communicating the privilege attribute during the authentication process:
Got AV-Pair with value shell:priv-lvl=15
Got AV-Pair with value shell:priv-lvl=3
However, when I apply "aaa authorization exec authentication-server auto-enable" or I enable authorization for exec shell access in ASDM it will not allow be to enable at all. What is the command syntax to make the ASA pay attention to the privilege level attribute? Thank you.
Join us on Thursday, June 13 at 11 am PT for CiscoChat Live straight from Cisco Live US 2019.
Bring your questions for our expert panel as we recap the previous three days of Cisco Live. Featuring Jeff Scheaffer for Enterprise Networks, Aruna Ravichandra...
We'll build the bridge to get you where you want to go so you can make anything possible. At Cisco Live, you'll learn new things, be inspired, and create the path to endless opportunities.
Learning at the next level. Cisco announces the biggest evolution...
As networks become more complex to meet the growing demands of cloud, big data, social media, and mobile initiatives, your team is probably still being asked to do more with less. With Cisco’s Smart Net Total Care (SNTC), you can have the tools yo...