
AAA

Net Support
Level 1

ACS v5.1

I want to stop NON-ADMIN staff (service desk) from being able to execute the enable command on a router once authenticated.

TACACS authenticates users against AD.

Shell profile for NON-ADMIN set to Default privilege Level 1.

Command Set for NON-ADMIN set to deny enable.

User ssh to device, gets authenticated.

Is able to execute enable command and use the enable secret to gain Priv15.

What am I doing wrong? What have I missed?

Regards

1 Reply

For those users that you do not want to have a privilege level above 1, set the max privilege to 1 (either per-user or per-group).