
adding a user with privilege 5

parisvcisco
Level 1

I've been asked to add a user to our ASA 5520 firewall with privilege level 5.

How should I do this? I did:

username test password blah privilege 5

but when they ssh to it they just get to the > prompt. How can they enable without giving them the enable password? I assume this is what they would need to show run?

 

 


nspasov
Cisco Employee

I think you will find solution(s) to your problem here:

http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html

 

Thank you for rating helpful posts!


Thanks.

At the moment sh run aaa shows this:

aaa authentication ssh console LOCAL

If I create a user with privilege 1 and they ssh in then type in login and enter their username and password they can make any changes they like and write mem?? That can't be right!

 

Is this because of aaa authentication ssh console LOCAL?

 

 

parisvcisco
Level 1
Thanks for the link, but even when I give the user privilege 15 this is what I see:
 
firewall> ?
 
  clear       Reset functions
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  help        Interactive help for commands
  login       Log in as a particular user
  logout      Exit from the EXEC
  no          Negate a command or set its defaults
  ping        Send echo messages
  quit        Exit from the EXEC
  show        Show running system information
  traceroute  Trace route to destination
 
firewall> show ? 
 
  checksum   Display configuration information cryptochecksum
  curpriv    Display current privilege level
  disk0:     Display information about disk0: file system
  disk1:     Display information about disk1: file system
  flash:     Display information about flash: file system
  history    Display the session command history
  inventory  Show all inventory information for all slots
  version    Display system software version

Sorry I wasn't paying attention and did not notice that you are asking about ASA :) Can you post the output of the following command:

show run aaa

You need to have a few commands in place to make this work on the ASA. For instance, the following syntax would authenticate and authorize the user admin to priv level 15. Now keep in mind that the user will have to log in with the configured username and password. Then the user would have to type enable and use the same configured password to be authorized and allowed in the exec shell:

username admin password cisco privilege 15
!
aaa authentication serial console LOCAL 
aaa authentication enable console LOCAL 
aaa authorization exec LOCAL

 

Thank you for rating helpful posts!
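
A small audit of the settings this thread turns on, as an added example (not code from the posters or from Cisco): it reads the `username` and `aaa` lines of a saved config and reports which of the two `enable`/`exec` lines from the reply above are absent. The function name `audit` and both sample configs are constructed here from the lines quoted in the thread.

```python
import re

# Constructed samples: the asker's config (username line plus the single aaa
# line they posted) and the config suggested in the last reply.
ASKER_CFG = """\
username test password blah privilege 5
aaa authentication ssh console LOCAL
"""
REPLY_CFG = """\
username admin password cisco privilege 15
!
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authorization exec LOCAL
"""

USER_RE = re.compile(r"^username\s+(\S+)\s+.*?\bprivilege\s+(\d+)\s*$")
LOGIN_RE = re.compile(r"^aaa authentication (ssh|serial|telnet|http) console (\S+)")

def audit(config: str) -> dict:
    """Summarise the local-user and aaa lines the thread discusses."""
    result = {"users": {}, "login_methods": {}, "enable_local": False,
              "exec_authz_local": False, "missing": []}
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often carry trailing spaces
        if (m := USER_RE.match(line)):
            result["users"][m.group(1)] = int(m.group(2))
        elif (m := LOGIN_RE.match(line)):
            result["login_methods"][m.group(1)] = m.group(2)
        elif line.startswith("aaa authentication enable console") and line.endswith("LOCAL"):
            result["enable_local"] = True
        elif line.startswith("aaa authorization exec") and "LOCAL" in line.split():
            result["exec_authz_local"] = True
    # Only the two lines named in the reply are checked; nothing else is inferred.
    if not result["enable_local"]:
        result["missing"].append("aaa authentication enable console LOCAL")
    if not result["exec_authz_local"]:
        result["missing"].append("aaa authorization exec LOCAL")
    return result

if __name__ == "__main__":
    for name, cfg in (("asker", ASKER_CFG), ("reply", REPLY_CFG)):
        r = audit(cfg)
        print(name, r["users"], r["login_methods"], "missing:", r["missing"] or "none")
```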
