Enable privilege on ACS 5.1.0.44

sansarav720e
Level 1

Hi All,

I have created an internal user in the internal identity store --> users with a password & enable password. Similarly, I have enabled max privilege level 15 under Policy Elements, Authorization & Permissions, Device Administration, Shell Profile. But I am unable to log in to the device using the enable password. I am finding the following error in my log report:

Failure reason: 13029 Requested privilege level is too high

Please advise me on this.

HTH Regards Santhosh Saravanan

jrabinow
Level 7

I think you need to check whether the shell profile is selected as the result of your device admin policy. You should be able to see this by looking into the Monitoring and Troubleshooting details.

Do you have a single device admin policy?

If you select Authorization, is the shell profile with max privilege level of 15 selected as an authorization result?

Hi Rabinow,

I have created a profile named TACACS user under Shell Profile and I have enabled Default Privilege & Maximum Privilege on it. How do I associate this TACACS user profile with my internal user?

Kindly let me know if I am doing anything wrong in this setup. Thank you.

HTH Regards Santhosh Saravanan

In ACS 5.1 permissions are assigned by policies and not directly associated with a user.

Upon installation there is a default policy called "Default Device Admin" that handles all TACACS+ requests.

In order to select the shell profile you have defined above you have to do the following:

Select:

Access Policies > Access Services > Default Device Admin > Authorization

Press "Default" at the bottom left of the page and then press "Select" to select the Shell Profile you have defined

Press "OK" on the popup and then "Save Changes"

You should now be able to set the enable privilege to 15.