11-06-2013 04:17 AM - edited 03-10-2019 09:04 PM
Hi,
Please fidn the pix device configurations.
sh privilege
privilege show level 5 command cpu
privilege show level 5 command running-config
privilege show level 5 command local-host
privilege show level 5 command memory
privilege show level 5 command conn
privilege show level 5 command xlate
privilege show level 5 command pager
privilege show level 5 mode configure command configure
privilege show level 5 command failover
privilege configure level 5 command ping
privilege show level 5 command interface
privilege show level 5 command arp
privilege configure level 5 command pager
privilege clear level 5 command pager
privilege configure level 5 command write
privilege configure level 5 mode configure command configure
privilege configure level 5 mode enable command configure
privilege configure level 5 mode enable command enable
privilege configure level 5 mode configure command enable
privilege show level 5 mode configure command enable
sh aaa
aaa authentication ssh console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
sh username
username test password cGVh1Wzc/rOjv82wsd encrypted privilege 5
sh version
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)
Error result , but we are able to login enable mode with privilege level 15.
login as: test
Sent username "test"
test@x.x.x.x's password:
Type help or '?' for a list of available commands.
PIX>
PIX> en
Command authorization failed
PIX>
Awaiting urs response and help here...
Regards / Ramesh M
11-06-2013 07:11 AM
Hi,
Not able to enter enable mode by Privilege level 5 users.
But privilege level 15 users are able to enter enable mode.
Error messge displayed.. Authorization failed for privilege level 5 users
Regards / Ramesh M
11-06-2013 10:25 AM
Try
enable 5
and
show curpriv
11-06-2013 08:14 PM
Hi,
Its no successfull,
I am getting below error
PIX> enable 5
Command authorization failed
PIX> show curpriv
Username : test
Current privilege level : 1
Current Mode/s : P_UNPR
PIX>
But test user has been created with privilege level 5
PIX# sh username
username test password cGVh1Wzc/rOjv8Lo encrypted privilege 5
Regards / Ramesh M
11-07-2013 12:32 PM
aaa authorization command TACACS+ LOCAL
What about TACACS? If it's a local user, why do you set authorization to TACACS+ primarily?
11-07-2013 06:00 PM
Hi Peter,
we have configured TACACS+ As well. some of the local users are created for login with read only access.
If I configure the TACACS+, is the local privilege level authorization will work. ?
Moreover the readonly users in the TACACS+ alo gettting the same command authorization error.
Regards / Ramesh M
11-18-2013 12:05 PM
Hello,
Please try below debug commands and share failure logs you are getting:
[no] debug aaa [authentication | authorization| accounting | internal]
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: