How to configure full access privilege for some NDG groups.

Feb 3rd, 2009

Hi,

We are using Cisco ACS version 4.2. In it I have around 150 NDG groups, and on the user side we have two groups, namely a read-only group and an administrator group.

Now the problem for me is that for a few of the NDG groups, read-only users require privilege 15 access.

Can somebody help me with how to do the configuration for this?

jhillend Tue, 02/03/2009 - 12:03

OK, first, in the Interface Configuration, make sure "Per-user TACACS+/RADIUS Attributes" is selected. Next in each of the user configurations that require special privilege configuration, go to "Advanced TACACS+ Settings" and under "TACACS+ Enable Control:" select "Define max Privilege on a per network device group basis" and configure the privilege level with the appropriate NDG.

chaitu_kranthi Wed, 02/04/2009 - 02:15

Hi,

Thanks for your quick reply.

I have done all the things you mentioned, but I am still getting the error below.

Command authorization failed.

My existing configuration in the device is as follows:

APMPLSCR1#sh run | inc tacacs
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
ip tacacs source-interface GigabitEthernet0/0
tacacs-server host 100.6.5.44
tacacs-server timeout 15
tacacs-server key 7 09581A1D4D5514
