Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2309
Views
0
Helpful
1
Replies

ACS and privilege levels

j-ulanowski
Level 1
Level 1

‎10-30-2001 09:42 AM - edited ‎02-21-2020 09:57 AM

Hi,

I try to assign, using CiscoSecure ACS2.3.6, different enable passwords for different NASes.

And I fail. The following config should, at

least according to my understanding, assign

enable password **** to NAS 10.1.1.1.

But this password is also usable on other NASes.

Why ?

Group Profile Information

group = aaa{

privilege = des "****" 15 "10.1.1.1" ".*" ".*"

default attribute=permit

default service=permit

}

User Profile Information

user = xjku{

member = aaa

password = des "********"

}

NASes config:

aaa new-model

aaa authentication login default local group tacacs+

aaa authentication enable default group tacacs+ enable

aaa authorization exec default local group tacacs+

Labels:
0 Helpful
1 Reply 1

ciscomoderator
Community Manager
Community Manager

‎11-04-2001 08:50 PM

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

0 Helpful
Customers Also Viewed These Support Documents