12-06-2012 12:08 PM - edited 03-07-2019 10:26 AM
Hi
I have Windows Server 2008 Enterprise edition and I configured IAS for authentication on a Cisco router.
Authentication works great, but authorization does not work at all.
I have one IAS server policy for users with level 15 and another one for users with level 5 (I customized privilege level 5 to show commands only).
privilege exec level 5 ping
privilege exec level 5 show
The configuration for authorization on the routers is as follows:
aaa authorization exec RAD_VTY group radius local
Is there a guide to configure authorization with Windows IAS?
Also, how can I bypass the enable secret password and use the user password instead with AAA?
Thanks
12-06-2012 12:22 PM
You'll need to configure a "Cisco-AV-Pair" for the user that you're wanting to authenticate. When they pass their authentication to the RADIUS server, the attribute pair will be sent back, with this one setting their privilege level. The attribute pair you'd configure is:
Cisco-AV-Pair=shell:priv-lvl=5
HTH,
John
*** Please rate all useful posts ***
12-06-2012 12:30 PM
I set this AV pair in a policy.
When users log into the router, they get the user (>) prompt and when passing to enable they get full privileges.
I think the solution is to use different enable level passwords.
Or getting the # prompt at login (I do not know how to force this with aaa authentication).
Sent from Cisco Technical Support iPhone App