Has anyone successfully implemented command authorization on the PIX or FWSM? I seem to be stumbling on the enable authentication part. I can successfully authenticate a tacacs+ user, but when I try to authenticate the enable command, my tacacs server in debug mode returns the following:
enable query for 'admin' 24 from 10.1.2.4 rejected
Here is my tacacs and FWSM config:
user = $enable$ {
    login = des xxxxx
}
user = $enab15$ {
    login = des xxxxx
}
user = admin {
    default service = permit
    login = file /etc/passwd
}
user = backup {
    login = nopassword
    cmd = write {
        permit net
    }
}
user = readonly {
    login = des xxxxxx
    cmd = show {
        permit .*
    }
    cmd = quit {
        permit .*
    }
    cmd = exit {
        permit .*
    }
    cmd = * {
        deny .*
    }
}
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 1
aaa-server TACACS+ (outside) host 10.2.3.5 xxxxx timeout 10
aaa-server TACACS+ (outside) host 10.1.2.3 xxxxx timeout 10
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
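As an added illustration that is not part of the post and not tac_plus code: a small Python model of how the readonly and backup users' cmd blocks above would decide typical commands. It assumes a simplified matching model (the first word of the command selects the cmd block, a `*` block is the fallback, each permit/deny pattern is an unanchored regex search over the remaining arguments, first match wins, and no match means deny). Real tac_plus matching details may differ, so check the daemon's documentation before relying on this model; the point it shows is that a pattern like `permit net` also matches `write network` unless you anchor it.

```python
import re

# Constructed rule sets mirroring the cmd blocks from the posted config.
# Each cmd block is a list of (action, pattern) pairs evaluated in order.
READONLY_RULES = {
    "show": [("permit", r".*")],
    "quit": [("permit", r".*")],
    "exit": [("permit", r".*")],
    "*":    [("deny", r".*")],      # fallback block for any other command
}

BACKUP_RULES = {
    "write": [("permit", r"net")],  # no '*' block, so other commands fall to default deny
}


def authorize(rules, command):
    """Return 'permit' or 'deny' for a command line such as 'show running-config'.

    Assumed (simplified) semantics: the first word selects the cmd block,
    '*' is the fallback block, patterns are unanchored regex searches over
    the argument string, the first matching pattern decides, and a command
    with no matching block or pattern is denied.
    """
    parts = command.strip().split(None, 1)
    if not parts:
        return "deny"
    name = parts[0]
    args = parts[1] if len(parts) > 1 else ""
    block = rules.get(name)
    if block is None:
        block = rules.get("*")
    if block is None:
        return "deny"
    for action, pattern in block:
        if re.search(pattern, args):
            return action
    return "deny"


def audit(rules, commands):
    """Evaluate a list of commands and return [(command, decision), ...]."""
    return [(cmd, authorize(rules, cmd)) for cmd in commands]


if __name__ == "__main__":
    sample = ["show running-config", "configure terminal", "exit",
              "write net", "write network", "write memory"]
    for user, rules in (("readonly", READONLY_RULES), ("backup", BACKUP_RULES)):
        for cmd, decision in audit(rules, sample):
            print(f"{user:9s} {decision:6s} {cmd}")
```

Running the block prints one decision per user and command; the `write network` line for the backup user shows why an anchored pattern such as `permit ^net$` is the safer choice when the intent is to allow exactly one argument.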