Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1551
Views
0
Helpful
3
Replies

ASDM Privilege Level default 15 for Radius users

John LeCoque
Level 1
Level 1

ā€Ž02-12-2013 03:24 PM - edited ā€Ž03-10-2019 08:04 PM

So this may be a bit of a dumb question...

I stumbled upon an ASA today that is configured to authenticate against a Radius server for SSH and HTTPS connections. If I log in via SSH, I can't gain a privilege level of more than 1 (tried login command, etc).

However, if I log in with ASDM, I always have privilege level 15.

Command authorization is not enabled.

Is this default behavior. If so, why? Do I need to enable command authorization to override this behavior?

FYI, the system in question is running ASA 8.3(1)

Thanks much

Labels:
0 Helpful
3 Replies 3

shekharmore003
Level 1
Level 1

ā€Ž02-22-2013 01:31 PM

Can you please provide the AAA configuration

0 Helpful

Peter Koltl
Level 7
Level 7
In response to shekharmore003

ā€Ž02-27-2013 12:05 AM

aaa-server RADGR protocol radius

aaa-server RADGR host 10.2.2.2

timeout 4

key cisco123

aaa authentication enable console RADGR LOCAL

After logging in, use the enable command with your user password.

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/configuration/guide/access_management.html#wp1145571

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee

ā€Ž02-27-2013 01:34 AM

In ASA you can't land directly to privilege exec mode after enetring your login password. You have to enter the enable password too. This is only designed for IOS where you can  directly land to( # ) by-passing the enable passowrd mode.

Jatin Katyal


- Do rate helpful posts -

~Jatin
0 Helpful
Customers Also Viewed These Support Documents