ACS 5.3 Shell Command Set

Hi all,

Currently I am deploying an ACS 5.3 at a customer site. The issue I currently face is that some command sets are not able to deny. An example is below:

I want to deny the AD user with privilege level 15 from changing the enable secret password and deleting the enable secret password.

The commands I issued are below:

deny enable secret -> working

deny no enable secret  -> not working

Does anyone have an idea how to make the non-working argument work?

1 ACCEPTED SOLUTION


Hi there,

I just did a test in my ACS using your requirements and it worked fine. Check my configuration below; it may help you:

I am using the following AAA commands:

Switch(config)#do sh run | i aaa

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa session-id common

Switch(config)#

Rate if it helps!
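
An added example, not part of the original post and not Cisco tooling: a Python check that compares a device's "sh run | i aaa" output with the command-authorization lines shown in the answer above, so a device-side gap can be ruled out before the ACS command set is changed. The function name, the checked privilege levels and the second sample configuration are assumptions constructed for illustration.

```python
import re

# Output of "sh run | i aaa" as posted in the accepted answer.
ANSWER_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa session-id common
"""
# Constructed sample with gaps (not from the post).
CONSTRUCTED_GAP_CONFIG = """\
aaa new-model
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default local
"""

CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) (\S+) (.+)$")

def audit_command_authorization(config, levels=(0, 1, 15)):
    """Return a list of gaps relative to the answer's working AAA lines."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    for required in ("aaa new-model", "aaa authorization config-commands"):
        if required not in lines:
            findings.append(f"{required} is missing")
    methods = {}  # privilege level -> methods of the "default" list
    for line in lines:
        m = CMD_AUTHZ.match(line)
        if m and m.group(2) == "default":
            methods[int(m.group(1))] = m.group(3).split()
    for level in levels:
        chain = methods.get(level)
        if chain is None:
            findings.append(f"level {level}: no command authorization configured")
        elif chain[:2] != ["group", "tacacs+"]:
            findings.append(f"level {level}: TACACS+ is not the first method ({' '.join(chain)})")
        elif "none" in chain[2:]:
            findings.append(f"level {level}: falls back to 'none' if TACACS+ does not respond")
    return findings

if __name__ == "__main__":
    for finding in audit_command_authorization(CONSTRUCTED_GAP_CONFIG):
        print(finding)
```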
