TACACS default priv exec level
07-26-2006 05:45 AM - edited 03-10-2019 02:40 PM
Hello,
I'm testing the new ACS 4.0 for some features like .1x.
For the authentication I use a linux box with tacacs+ and all works fine.
I tried the tacacs coming from ACS, but I don't understand why my account doesn't go to # lvl 15 priv and I need to enter the enable command.
On ACS my account is lvl 15 and this is my configuration on the test switch:
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default wait-start group tacacs+
aaa accounting system default wait-start group tacacs+
Could someone help me?
Thank you,
valentino
07-28-2006 08:45 AM
You'll need to ensure that the tacacs server is actually passing back the privilege level for Shell Exec. Make sure that your privilege configuration is for the TACACS+ Settings > Shell (exec) settings, not the max enable privilege.
You can also verify whether or not ACS is actually sending the privilege for shell exec if you turn on "debug tacacs". It should look something like...
Jul 28 09:25:02.157: TPLUS: Sending AV service=shell
Jul 28 09:25:02.157: TPLUS: Sending AV cmd*
Jul 28 09:25:02.157: TPLUS: Authorization request created for 4(annie)
Jul 28 09:25:02.157: TPLUS: using previously set server 172.16.242.222 from group tacacs+
.....
Jul 28 09:25:02.173: TPLUS(00000004)/0/8370E638: Processing the reply packet
Jul 28 09:25:02.173: TPLUS: Processed AV priv-lvl=15
Jul 28 09:25:02.173: TPLUS: received authorization response for 4: PASS
Sincerely,
Annie
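The check described in the reply above, run over captured "debug tacacs" output, as an added example that is not part of the original thread. It parses only the three line shapes shown in that excerpt and reports every authorization that passed without the expected priv-lvl AV. The function names are hypothetical, session 5 in the sample is constructed, and it assumes debug lines from different sessions are not interleaved.

```python
import re

# Line shapes taken from the "debug tacacs" excerpt in the reply above.
REQ = re.compile(r"TPLUS: Authorization request created for (\d+)\((\S+?)\)")
AV = re.compile(r"TPLUS: Processed AV priv-lvl=(\d+)")
RESP = re.compile(r"TPLUS: received authorization response for (\d+): (\w+)")

def exec_priv_levels(debug_text):
    """Return one dict per authorization reply; priv_lvl is None if no AV came back."""
    users = {}       # session id -> username from the request line
    pending = None   # priv-lvl AV seen since the last request/response line
    results = []
    for line in debug_text.splitlines():
        if m := REQ.search(line):
            users[m.group(1)] = m.group(2)
            pending = None  # new request: discard any stale AV
        elif m := AV.search(line):
            pending = int(m.group(1))
        elif m := RESP.search(line):
            sid, status = m.groups()
            results.append({"session": sid, "user": users.get(sid),
                            "status": status, "priv_lvl": pending})
            pending = None
    return results

def needs_enable(results, wanted=15):
    """Users whose exec authorization passed but did not return the wanted level."""
    return [r["user"] for r in results
            if r["status"] == "PASS" and r["priv_lvl"] != wanted]

# Session 4 is copied from the reply; session 5 is constructed (no priv-lvl AV).
SAMPLE = """\
Jul 28 09:25:02.157: TPLUS: Sending AV service=shell
Jul 28 09:25:02.157: TPLUS: Sending AV cmd*
Jul 28 09:25:02.157: TPLUS: Authorization request created for 4(annie)
Jul 28 09:25:02.157: TPLUS: using previously set server 172.16.242.222 from group tacacs+
.....
Jul 28 09:25:02.173: TPLUS(00000004)/0/8370E638: Processing the reply packet
Jul 28 09:25:02.173: TPLUS: Processed AV priv-lvl=15
Jul 28 09:25:02.173: TPLUS: received authorization response for 4: PASS
Jul 28 09:31:10.201: TPLUS: Authorization request created for 5(valentino)
Jul 28 09:31:10.217: TPLUS(00000005)/0/8370E638: Processing the reply packet
Jul 28 09:31:10.217: TPLUS: received authorization response for 5: PASS
"""

if __name__ == "__main__":
    for r in exec_priv_levels(SAMPLE):
        print(r)
    print("must type enable:", needs_enable(exec_priv_levels(SAMPLE)))
```

A PASS with priv_lvl None matches the symptom in the question: authorization succeeds, but the server returned no shell exec privilege level, so the user still has to enter enable.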
