RSA RADIUS AAA Works, but no EXEC mode

Unanswered Question
Jan 4th, 2008

I have set up my RSA RADIUS server to authenticate logins to my Cisco device(s). And, I have managed to limit which users can login (by assigning them to a Group in RSA and then Activating that group on the router Agent Host). Works fine.

The last thing I'd like to get is for the authenticated user to go directly to EXEC mode (enabled). Right now the user has to do "en" and enter the enable password/secret.

Anybody know how to do this? Thanx in advance.

Paul

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
cisco24x7 Fri, 01/04/2008 - 12:10

line vty 0 4

privilege level 15

Here is an example:

[[email protected] root]# telnet 192.168.0.5

Trying 192.168.0.5...

Connected to 192.168.0.5 (192.168.0.5).

Escape character is '^]'.

C

*****************

User Access Verification

Username: test3

Password:

Enter your new PIN, containing 4 to 8 digits,

or

to cancel the New PIN procedure:

Please re-enter new PIN:

Wait for the code on your card to change, then log in with the new PIN

Enter PASSCODE:

C2960#

CCIE Security

PAUL TRIVINO Fri, 01/04/2008 - 12:14

Just adding the "privilege level 15" to the line? OK, I'll give it a go. Thanx! (I'll rate if it works...;^)

Paul

PAUL TRIVINO Fri, 01/04/2008 - 14:36

Works like a champ, thanx. I rated the post but I can't figure out how to mark the answer/thread as "this solved my problem." Any idea how?

Thanx again.

Paul

Actions

This Discussion