02-04-2011 01:11 PM - edited 03-10-2019 05:48 PM
I'm a complete noob to ACS, and not strong in the AAA department. I'm trying to implement command sets for helpdesk trouble shooting.
I didn't setup the ACS server so I'm assuming that it was setup correctly.
As it stands, the people that need ro login into remote devices, can and have access.
I have two problems.
1) No matter what I do, my test user always logs in with the privilege 15 shell. It doesn't matter what I do to the group in the authorization area of the Access Policies, level 15 privilege.
2) When I apply the aaa authorization command 1 default group tacacs+ to my test AP, every account fails with commands at that privilege level. Same for level 0 and level 15. The command sets I have configured never even enter the picture.
My test authorization policy for my test user is setup correctly, mapped to the correct AD group, and has the command set applied.
If anyone has a clue, let me know and I'll supply more information.
02-04-2011 01:17 PM
have checked the privilege level of the user in your ACS? If it has level 15 that will explain things.
02-04-2011 01:26 PM
Not sure how. ACS is AD integrated. There are no internal users setup.
02-04-2011 01:39 PM
I think on this version there is a tab where the users are created. There you might also see the dynamically added users when there is a AD. I don't remember well on this version.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide