06-05-2011 10:41 PM - edited 03-10-2019 06:08 PM
Hi All ,
I have created an internal user in the internal identity store --> Users, with a password and an enable password. Similarly, I have enabled max privilege level 15 under Policy Elements, Authorization and Permissions, Device Administration, Shell Profiles. But I am unable to log in to the device using the enable password. I am finding the following error in my log report:
Failure reason: 13029 Requested privilege level is too high
Please advise me on this.
06-05-2011 10:58 PM
I think you need to check whether the shell profile is selected as the result of your device admin policy. You should be able to see this by looking into the Monitoring and Troubleshooting details.
Do you have a single device admin policy?
If you select Authorization, is the shell profile with max privilege level of 15 selected as an authorization result?
06-05-2011 11:38 PM
Hi Rabinow ,
I have created a profile named TACACS user under Shell Profiles, and I have enabled Default Privilege and Maximum Privilege on it. How do I associate this TACACS user profile with my internal user?
Kindly let me know if I am doing this setup wrong. Thank you.
06-05-2011 11:47 PM
In ACS 5.1 permissions are assigned by policies and not directly associated with a user.
Upon installation there is a default policy called "Default Device Admin" that handles all TACACS+ requests.
In order to select the shell profile you have defined above you have to do the following:
Select:
Access Policies > Access Services > Default Device Admin > Authorization
Press "Default" at the bottom left of the page and then press "Select" to select the Shell Profile you have defined.
Press "OK" on the popup and then "Save Changes".
You should now be able to set the enable privilege to 15.