
Radius attributes

cedric.liegeois
Level 1

Hello,

We would like to back up the configuration of our Cisco ASA 5550.

We would like to know the attribute to give privilege 15 for the shell command in Radius.

We tried

- cisco-avpair : shell:priv-lvl=15

- cisco-avpair : shell:Admin*Admin

in the radius configuration but it doesn't work.

The connection is OK but we don't have privilege 15.

Can you give us the right attribute to connect the user to the enable shell on the Cisco ASA?

We thank you in advance.

LIEGEOIS Cédric

IT Security

3 Replies

alex.dersch
Level 4

Hi Cedric,

Did you configure the ASA for command authorization?

      aaa authorization command LOCAL

      aaa authorization exec authentication-server

You might also need this command.

      aaa authentication enable console LOCAL

Alex,

Thanks for your responses.

This is my configuration for the aaa configuration:

  • aaa authentication ssh console radadm LOCAL
  • aaa authentication enable console radadm LOCAL
  • aaa accounting ssh console radadm
  • aaa accounting enable console radadm
  • aaa authorization exec authentication-server

and for the aaa-server:

  • aaa-server radadm protocol radius
  • aaa-server radadm (Management) host Radius_Server
  • timeout 5
  • key *****
  • authentication-port 1812
  • accounting-port 1813

The user can connect but is in normal mode. I am trying to connect my user directly in exec mode.

The server is a radius server.

Thank you in advance.

LIEGEOIS Cédric