RADIUS Authentication keeps getting Privilege 15

dock2000jn, Level 1

I am trying to configure a Network Admin Account and Reader account using RADIUS authentication. I have read all the set-ups and configurations and I can't get the switches to recognize the different privilege levels with the different accounts. Users are able to login with the AD accounts but they are all logged in at level 15, when the account is set to shell:priv-lvl=1. 

 

I am testing with a Cisco Catalyst 2960 with IOS Version 15.0(2)SE7. 

 

enable secret 5 XXXXXXXXXXXXXXX
!
username backup password 5 XXXXXXXXXXXXXXXXX
!
aaa new-model
!
aaa group server radius Temp
 server name Temp
!
aaa authentication login default group Temp local
aaa authorization exec default group Temp local
!
aaa session-id common
!
radius server Temp
 address ipv4 192.168.100.5 auth-port 1645 acct-port 1646
 key T3mpR@d1u$1
!
line con 0
line vty 0 4
 transport preferred ssh


2 Replies

Diana Karolina Rojas, Cisco Employee

Hello!

 

Can you add these lines to your configuration?

 

aaa authorization config-commands
aaa authorization exec group Temp local
aaa authorization commands 0 group Temp local
aaa authorization commands 1  group Temp local
aaa authorization commands 15  group Temp local

 

------Do not forget to rate useful post-----

Regards,

dock2000jn, Level 1

I tried those commands and am still logging in at level 15 with all accounts. On the RADIUS server I have domain users using:

Service-Type = Login

Cisco-AV-Pair (Cisco) = shel:priv-lvl=1

 

And they are still logging in with privilege 15.

 

Some of the commands you gave weren't correct, so I put in what I think you were wanting. Here are the commands that are currently in:

aaa authentication login default group Temp local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group Temp local (after the exec keyword it wanted either default or an authorization list)

(The two commands below don't show up in the running config.)

aaa authorization commands 1 default group Temp local (same thing: after the level it wanted either default or an authorization list)

aaa authorization commands 15 default group Temp local
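As an added example (not code from this thread and not Cisco's), here is a small Python builder and parser for the RADIUS Access-Accept that carries the exec privilege level, so you can see exactly what the server has to put on the wire for the switch to honour it. Attribute numbers follow RFC 2865 (attribute 26 Vendor-Specific, Cisco vendor ID 9, sub-attribute 1 cisco-avpair); the shared key is the one from the posted config, and the request authenticator and attribute values are constructed sample data. The parser only recognises the exact key `shell:priv-lvl`, so a pair spelled any other way (for instance the `shel:` shown above) is just an unknown avpair and yields no level at all; the assumption that a NAS ignores unrecognised avpairs rather than guessing is mine.

```python
# Added example, not Cisco code: encode/decode the Cisco AV pair that carries
# the exec privilege level in a RADIUS Access-Accept (layout per RFC 2865).
import hashlib
import struct

CODE_ACCESS_ACCEPT = 2
ATTR_SERVICE_TYPE = 6
ATTR_VENDOR_SPECIFIC = 26
VENDOR_CISCO = 9          # IANA enterprise number for Cisco
CISCO_AVPAIR = 1          # Cisco VSA sub-attribute "cisco-avpair"
SERVICE_TYPE_LOGIN = 1


def attr(atype, value):
    """Encode one top-level RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", atype, 2 + len(value)) + value


def service_type(value):
    return attr(ATTR_SERVICE_TYPE, struct.pack("!I", value))


def cisco_avpair(text):
    """Encode a Cisco Vendor-Specific attribute carrying one cisco-avpair string."""
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(text)) + text.encode("ascii")
    return attr(ATTR_VENDOR_SPECIFIC, struct.pack("!I", VENDOR_CISCO) + sub)


def access_accept(identifier, request_authenticator, secret, attributes):
    """Build an Access-Accept. Response Authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = b"".join(attributes)
    header = struct.pack("!BBH", CODE_ACCESS_ACCEPT, identifier, 20 + len(body))
    resp_auth = hashlib.md5(header + request_authenticator + body + secret).digest()
    return header + resp_auth + body


def verify_response(packet, request_authenticator, secret):
    """The NAS-side check that uses the shared key: a reply that does not
    authenticate under the configured key is silently dropped."""
    header, auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_authenticator + body + secret).digest()
    return expected == auth


def parse_attributes(packet):
    """Split the attribute area into (type, value) pairs, refusing bad lengths."""
    out, pos = [], 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("bad attribute length")
        out.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return out


def cisco_avpairs(packet):
    """Return every cisco-avpair string carried in Cisco VSAs."""
    pairs = []
    for atype, value in parse_attributes(packet):
        if atype != ATTR_VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != VENDOR_CISCO:
            continue
        pos = 4
        while pos < len(value):
            if pos + 2 > len(value):
                raise ValueError("truncated VSA sub-attribute")
            stype, slen = value[pos], value[pos + 1]
            if slen < 2 or pos + slen > len(value):
                raise ValueError("bad VSA sub-attribute length")
            if stype == CISCO_AVPAIR:
                pairs.append(value[pos + 2:pos + slen].decode("ascii", "replace"))
            pos += slen
    return pairs


def priv_lvl(packet):
    """Level requested by an exact 'shell:priv-lvl=N' pair (0..15), else None.
    Assumption: any other prefix is an unknown avpair and is ignored."""
    for pair in cisco_avpairs(packet):
        key, sep, val = pair.partition("=")
        if sep and key.strip() == "shell:priv-lvl" and val.strip().isdigit():
            level = int(val)
            if 0 <= level <= 15:
                return level
    return None


if __name__ == "__main__":
    secret = b"T3mpR@d1u$1"            # key from the posted config
    req_auth = bytes(range(16))        # constructed; random in a real request
    good = access_accept(1, req_auth, secret,
                         [service_type(SERVICE_TYPE_LOGIN), cisco_avpair("shell:priv-lvl=1")])
    typo = access_accept(2, req_auth, secret, [cisco_avpair("shel:priv-lvl=1")])
    print("authenticator ok:", verify_response(good, req_auth, secret))
    print("level from shell:priv-lvl=1:", priv_lvl(good))
    print("level from shel:priv-lvl=1: ", priv_lvl(typo))
```

To compare this against what your server really sends, capture the Access-Accept on the switch side (`debug radius` on IOS prints the decoded attributes) and check that the cisco-avpair text is byte-for-byte `shell:priv-lvl=1`; if the level is absent or misspelled there, no amount of `aaa authorization` configuration on the switch will produce it.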