shell command authorization set

Unanswered Question
May 8th, 2008

umatched commands set to deny

command "configure" argument "permit terminal"

user has full access to all. i just want user to adjust vty lines. I also have the following commands

show with argument"permit run and start"

thats all i have set up in command. they should not be able to do anything in the config mode "Yet"

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
james-benson Thu, 05/08/2008 - 07:24

I actually set up the commands using that document. it is supposed to deny anything else once you are in the config mode. because i have no other commands or arguments defined. but i have full control

james-benson Thu, 05/08/2008 - 08:38

i do not have that in my config. I do not know where i would put it. here is my config

aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication login no_tacacs enable

aaa authentication enable default group tacacs+ enable

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization network default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

Jagdeep Gambhir Thu, 05/08/2008 - 08:42

You need issue that command in config t mode

aaa authorization config-command

That will take care of your issue.

Regards,

~JG

Do rate helpful posts

jong_r0602 Thu, 05/08/2008 - 07:54

Hi James,

Is there a privilege level defined on your vty? Especially if theres a privilege level is 15, remove it first then try it again.

Regards,

Jong

jong_r0602 Thu, 05/08/2008 - 19:19

ok, all you have to do is to follow JG's instruction above on his previous mail to enter the "aaa authorization config-command" in config t mode.

Thanks,

Jong

Actions

This Discussion