08-05-2009 04:15 AM - edited 03-10-2019 04:37 PM
Using ASA 5540- 8.0(4)& trying to get the EXEC Shell (15)authorization for authenticated user fron IAS radius server. Have used the aaa authorization command on the ASA & have specified the attributes on the IAS radius as shown in the config guide but still the user is dropped into default exec level. I need to use the enable command to get the user to privilage exec level,
Solved! Go to Solution.
08-18-2009 03:38 PM
Hi All,
Though the "Exec authorization command" has been introduced in ASA code 7.1 but the ASA does not support AAA Exec Authorization functionality yet, so it cannot be configured with TACACS or RADIUS.
The enhancement request has already been filed on this.
08-05-2009 05:14 AM
You can't go directly to enable mode, you must enter a second password. The ASA is a security appliance and it requires 'two-factor' authentication.
08-05-2009 06:00 AM
Yes, firewall does not support exec authorization so there is no way you can directly fall in enable mode. Be it radius or tacacs.
Regards,
~JG
08-17-2009 06:28 AM
jagdeep,
Hi, I am using microsoft radius server to authenticate the users. I would like to get the exec shell level 15 authorization from the radius as well.
As per the config giude i need to add the aaa authorization command ont ASA. I then need to configur the radius attributes as shown in the config guide. This ii have done but it still dose not work. The config guide says i can the the exec shell 15 authorization from the radius. Is it possible for you to confirm this or this not possible & my interpritation of the config guide is not correct.
I am going to some investigation on the box this week end. So any help would be appriciated
08-17-2009 06:22 AM
Collin,
Hi, I am using Windows Radius server to do the authentication. I would like to get the exec authorization from the Radius as well. I have added the aaa authorization command on to the ASA.
The config guides says this should work if the attributes are appropriate on the Radius. I have configured them on the radius according to the cisco config guide but it is still not working.
Are you saying this dose not work in the 8.0 code ??
08-18-2009 03:38 PM
Hi All,
Though the "Exec authorization command" has been introduced in ASA code 7.1 but the ASA does not support AAA Exec Authorization functionality yet, so it cannot be configured with TACACS or RADIUS.
The enhancement request has already been filed on this.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: