I use aaa over tacacs to verfiy user from ms active directory.
I configured a new "Shell Command Authorization Set" see the attachment for details.
But this does not work. So I just want to test whether the use of a command is working or not.
You can see in the attached file I tried something with "show" command.
But if I login I'm still able to use "show aaa servers" for example but in the "show" commandbox I putted the agrument "deny aaa" inside.
Why does this not work?
Thanx for help
Not sure why you want to do this way. Trick here is to give all user a priv 15 and then define command autho set as per your need.
Giving priv 15 does not mean that user will able to execute all commands. You can set up authorization set and allow only specific commands you want user should be able to execute.
Pls rate if that helps