Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
1
Replies

No Command Authorization for show run

Dave93
Level 1
Level 1

‎02-14-2019 09:47 PM

Although Username has Privilege 15, show run command does not have authorization

All other commands works.

 

Below are AAA commands configured on switch.

 

========

username admin privilege 15 secret 5 xxx
username netadmin privilege 15 secret 5 xxx


aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console group tacacs+ local
aaa authentication enable default none
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec always if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common

 

=================

 

Labels:
0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎02-15-2019 06:44 PM

You seem missing

aaa authorization commands 1 default group tacacs+ if-authenticated

and,

aaa accounting commands 1 default start-stop group tacacs+

Also check the AAA logs. If using ISE as the T+ server, check ISE T+ Live Logs and verify the command sets assigned to the user.

0 Helpful
Customers Also Viewed These Support Documents