RSA RADIUS AAA Works, but no EXEC mode

PAUL TRIVINO · ‎01-04-2008

I have set up my RSA RADIUS server to authenticate logins to my Cisco device(s). And, I have managed to limit which users can login (by assigning them to a Group in RSA and then Activating that group on the router Agent Host). Works fine.

The last thing I'd like to get is for the authenticated user to go directly to EXEC mode (enabled). Right now the user has to do "en" and enter the enable password/secret.

Anybody know how to do this? Thanx in advance.

Paul

cisco24x7 · ‎01-04-2008

line vty 0 4

privilege level 15

Here is an example:

[root@Linux root]# telnet 192.168.0.5

Trying 192.168.0.5...

Connected to 192.168.0.5 (192.168.0.5).

Escape character is '^]'.

C

*****************

User Access Verification

Username: test3

Password:

Enter your new PIN, containing 4 to 8 digits,

or

to cancel the New PIN procedure:

Please re-enter new PIN:

Wait for the code on your card to change, then log in with the new PIN

Enter PASSCODE:

C2960#

CCIE Security

PAUL TRIVINO · ‎01-04-2008

Just adding the "privilege level 15" to the line? OK, I'll give it a go. Thanx! (I'll rate if it works...;^)

Paul

PAUL TRIVINO · ‎01-04-2008

Works like a champ, thanx. I rated the post but I can't figure out how to mark the answer/thread as "this solved my problem." Any idea how?

Thanx again.

Paul