
User exec shell Authorization on ASA using IAS radius

pn8-12345
Level 1

Using ASA 5540 - 8.0(4) & trying to get the EXEC Shell (15) authorization for authenticated user from IAS RADIUS server. Have used the aaa authorization command on the ASA & have specified the attributes on the IAS RADIUS as shown in the config guide, but still the user is dropped into default exec level. I need to use the enable command to get the user to privilege exec level.

1 Accepted Solution


Hi All,

Though the "Exec authorization command" has been introduced in ASA code 7.1, the ASA does not support AAA Exec Authorization functionality yet, so it cannot be configured with TACACS or RADIUS.

The enhancement request has already been filed on this.

~Jatin


5 Replies

Collin Clark
VIP Alumni

You can't go directly to enable mode; you must enter a second password. The ASA is a security appliance and it requires 'two-factor' authentication.

Yes, the firewall does not support exec authorization, so there is no way you can directly fall into enable mode, be it RADIUS or TACACS.

Regards,

~JG

jagdeep,

Hi, I am using Microsoft RADIUS server to authenticate the users. I would like to get the exec shell level 15 authorization from the RADIUS as well.

As per the config guide, I need to add the aaa authorization command on the ASA. I then need to configure the RADIUS attributes as shown in the config guide. This I have done, but it still does not work. The config guide says I can get the exec shell 15 authorization from the RADIUS. Is it possible for you to confirm this, or is this not possible & my interpretation of the config guide is not correct?

I am going to do some investigation on the box this weekend, so any help would be appreciated.

Collin,

Hi, I am using Windows RADIUS server to do the authentication. I would like to get the exec authorization from the RADIUS as well. I have added the aaa authorization command on to the ASA.

The config guide says this should work if the attributes are appropriate on the RADIUS. I have configured them on the RADIUS according to the Cisco config guide, but it is still not working.

Are you saying this does not work in the 8.0 code??
