User Privileges in ACS

estelamathew
Level 2

Hello Dears,

I have created a user in ACS 5.0. I want to give privilege level 15 to that user. Which tab do I have to go to in order to give permission of privilege 15? I have worked on ACS 4.2; ACS 5.0 is very much new for me.

5 Replies

Nicolas Darchis
Cisco Employee

Can we have a bit of switch config, as well as the authorization profile screenshot of the user on ACS?

Nicolas

estelamathew
Level 2

Hello Dears,

It is an HP switch with manager access (that means priv 15). I want to enable priv 15 on the user in ACS. There is "aaa authorization exec default group tacacs+" authorization configured on the switch, hence it is an HP switch, and except the username nothing is configured for the user in ACS. I want to enable privilege level 15.

Thanks

You have to go to "policy elements/Authorizations and permissions/Device Administration/Shell Profiles". There you create a "new shell profile".

If you're using a Cisco IOS device then you will choose "Common Tasks/Default Privilege/Static" and choose the level you want.

Since you're using an HP switch, maybe you'll have to choose "Custom attributes", find out what the attribute is called in the HP world and then set the value.

Hello Dear,

There is no such configuration in the user profile. How will it reflect to the user when he logs in? I do have Cisco switches also. As in ACS 4.2, we used to do:

Enable the following TACACS+ settings in the user’s profile. (Make sure they are
enabled for user’s profile in the ACS interface configuration). On the TACACS+
Settings section of the page check the Shell (exec) checkbox and set the
Privilege Level field to 15.

Can you explore more for 5.0? And where is the custom attribute tab?

Hi. In ACS 5.x there are no "user profiles" or "group profiles" anymore. Instead you'll use "policy elements" and "access policies". By default you have two access policies "default device admin" and "default network access". Since you're working with switches you can choose "default device admin" and click "authorization". That's where you can link the policy to the "shell profile" I told you in the previous post.

By the way, ACS 5.0 is too old now. It's better if you use ACS 5.1 or ACS 5.2.