08-23-2011 03:29 AM - edited 03-12-2019 05:39 PM
Hey!
I'm trying to configure ASA 5550 t8.4 so that SSH and HTTPS access users would auth themselves vs RADIUS (or LDAP) server and they would be directly logged in with privilege mode 15.
I have:
Windows 2008 NTP acting as RADIUS server.
And the network policy is: Service-Type - Login, Vendor-Specific - shell:priv-lvl=15 and allow full network access.
All my APs and switches with IOS are able to use that policy and I am able to get directly to exec mode (privilege lvl 15).
But on ASA, the user has to "enable" itself.
ASA conf:
#aaa-server <group name> protocol radius
#aaa-server <group name> (inside) host <ip address>
key 013B072C5A26070B2475411C350A18192218313A6A671F1A1B
#(config)aaa authentication ssh console <group name> LOCAL
#(config)aaa authentication http console <group name> LOCAL
Or maybe someone has an example how to get authorization working with LDAP (Active Directory)?
08-25-2011 11:33 PM
Hi,
It is not possible to end up directly in enable mode on ASA. There is an enhancement BUG filed for it (CSCtc65952 ASA: capability for automatic setting enable mode for admin access).
Hope this helps,
Sian
08-26-2011 12:17 AM
Hey!
Actually it does not help :) Does Cisco have an official document for that? And a date when it will be fixed?