Authentication to ASA Privileged mode

karblane1
Level 1

Hey!

I'm trying to configure an ASA 5550 t8.4 so that SSH and HTTPS access users would authenticate themselves against a RADIUS (or LDAP) server and would be logged in directly with privilege mode 15.

I have:

Windows 2008 NTP acting as RADIUS server.

And the network policy is: Service-Type - Login, Vendor-Specific - shell:priv-lvl=15 and allow full network access.

All my APs and switches with IOS are able to use that policy, and I am able to get directly to exec mode (privilege lvl 15).

But on ASA, the user has to "enable" itself.

ASA conf:

aaa-server <group name> protocol radius
aaa-server <group name> (inside) host <ip address>
 key 013B072C5A26070B2475411C350A18192218313A6A671F1A1B
aaa authentication ssh console <group name> LOCAL
aaa authentication http console <group name> LOCAL

Or maybe someone has an example of how to get authorization working with LDAP (Active Directory)?

2 Replies

Parminder Sian
Level 1

Hi,

It is not possible to end up directly in enable mode on ASA. There is an enhancement bug filed for it (CSCtc65952 ASA: capability for automatic setting enable mode for admin access).

Hope this helps,

Sian

Hey!

Actually it does not help :) Does Cisco have an official document for that? And a date when it will be fixed?
