03-09-2016 06:48 AM - edited 03-12-2019 12:27 AM
Hi to all,
I have one user with Read-Only privileges (level 5). When I try to access the device via ASDM, the launcher opens the dashboard, but when ASDM is parsing the configuration, the application asks me for the credentials one more time. If I use the read-only user, the authentication doesn't work; if I use the admin user, I can see the config but I can't modify it... Is there any way to enter with the level 5 user only?
Thanks in advance
Regards
David.
03-09-2016 02:16 PM
Hello David,
What is the AAA configuration on the ASA?
03-11-2016 12:39 AM
Hi Alejandra,
I don't know if this helps you... When I try to access via ASDM, the ASA answers me: "You are not allowed to modify ASA configuration, because you do not have sufficient privileges." Then the ASA asks me for the network password. So if I enter the admin password I can see the config; if I use the RO user, the ASA doesn't grant access.
I'm trying to solve this by configuring the following command: "privilege show level 5 mode exec command asdm"... Is this command correct?
The AAA configuration is the following:
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host Radius
aaa-server ACS protocol radius
aaa-server ACS (inside) host 172.X.X.220
aaa-server ACS_V5 protocol radius
aaa-server ACS_V5 (inside) host 172.X.X.65
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
a09c9bfd 3da0cbb6 b24c3a63 4439dcf5 151d742b aaa8a754 c72e3325 92920de7
authentication aaa certificate
authentication aaa certificate
authentication aaa certificate
authentication aaa certificate
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode configure command aaa-server
Thanks in advance!!!
Regards,
David.
03-12-2016 03:27 PM
Hello David,
I can see you are using local authentication for SSH and Telnet, but you would need to add HTTP authentication as well:
aaa authentication http console LOCAL
Let me know your comments
03-15-2016 08:07 AM
Hi Alejandra,
I have tested this command but it doesn't solve my problem... The ASA keeps asking me for the credentials and, if I use the level 5 user, the ASA doesn't let me see the device configuration...
Can you help me?
Thanks in advance.
Regards.
David.
03-31-2016 02:05 PM
David,
Can you please send me the output of the command: show running | inc privileges