09-08-2006 10:23 AM
Using tac_plus, I have a definition for service=shell and priv-lvl 15. Can't figure out why my user does get that priv level when authenticating, only logs the user in at.
Firewall> sh curpriv
Username : user-15
Current privilege level : 1
Current Mode/s : P_UNPR
#### on TACACS ####
group = admin {
    default service = permit
    service = shell {
        priv-lvl = 15
    }
}
user = user-15 {
    login = des REEU@#@#RWD
    member = admin
}
#### on Firewall ####
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (outside) host X.X.X.X
 key ******
 server-port XXX
aaa authentication ssh console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
09-14-2006 06:17 AM
What version of software are you running in the PIX device?
09-14-2006 09:37 AM
7.1(2)12. FYI, I got it working. Didn't realize that the priv-lvl does not work with the shell. I was able to enable into the PIX with the TACACS pwd, and my routers do the priv-lvl with service=exec.
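A small lint for the pattern the 09-14-2006 reply describes, added here as an example that is not part of the original thread: it flags priv-lvl placed under service = shell and brace mismatches in a tac_plus-style file. The function name lint_tac_plus, the constructed sample config and the simplified line-based grammar are assumptions.

```python
import re

# Constructed sample modelled on the config in the first post (hash replaced).
SAMPLE = """\
group = admin {
    default service = permit
    service = shell {
        priv-lvl = 15
    }
}
user = user-15 {
    login = des PLACEHOLDER
    member = admin
}
"""

# Block header such as "group = admin {" or "service = shell {".
HEADER = re.compile(r"^(\w+)\s*=\s*(\S+)\s*\{$")

def lint_tac_plus(text):
    """Return (line_no, message) findings for a tac_plus-style config."""
    findings, stack = [], []                 # stack holds (kind, name, line_no)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "}":
            if stack:
                stack.pop()
            else:
                findings.append((no, "closing brace with no open block"))
            continue
        m = HEADER.match(line)
        if m:
            stack.append((m.group(1), m.group(2), no))
            continue
        if not stack:                        # e.g. "user = name" missing its "{"
            findings.append((no, "statement outside any block"))
            continue
        key = line.split("=", 1)[0].strip()
        if key == "priv-lvl" and stack[-1][:2] == ("service", "shell"):
            findings.append((no, "priv-lvl under service = shell; "
                                 "the thread reports it applied under service = exec"))
    for kind, name, opened in stack:         # anything still open at end of file
        findings.append((opened, f"block '{kind} = {name}' never closed"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_tac_plus(SAMPLE):
        print(f"line {no}: {msg}")
```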
08-09-2008 08:38 PM
Hi, I have the exact same issues that you've described and it would be helpful if you can share the solution that worked for you. Specifically the tac_plus config you used to allow users to log into enable mode with their tac_plus credentials.
Thanks,
Matt