tacacs+ w/ PIX firewall

matt.walls
Level 1

Using tac_plus, I have a definition for service=shell with priv-lvl 15. I can't figure out why my user doesn't get that priv level on authentication; it only logs the user in at:

Firewall> sh curpriv
Username : user-15
Current privilege level : 1
Current Mode/s : P_UNPR

#### on TACACS ####

group = admin {
    default service = permit
    service = shell {
        priv-lvl = 15
    }
}

user = user-15 {
    login = des REEU@#@#RWD
    member = admin
}

#### on Firewall ####

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (outside) host X.X.X.X
key ******
server-port XXX
aaa authentication ssh console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL
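
The problem in this thread is an authorization mismatch: the tac_plus group sets priv-lvl only under service = shell, the PIX (7.1 in this thread) did not apply it, and the poster's routers read priv-lvl from service = exec. The Python linter below is an added example, not code from this thread or from the tac_plus project. It parses a tac_plus-style config (only `key = value` lines and `{ }` blocks), reports unbalanced braces such as the missing `{` and extra `}` in the config as posted, resolves user-to-group membership, and flags users whose priv-lvl is set only under service = shell. Both sample configs are constructed to mirror the post, with a placeholder cleartext password in place of the posted DES hash.

```python
"""Lint a tac_plus-style configuration: report unbalanced braces, resolve
user -> group membership, and show which authorization service carries a
user's priv-lvl.  Added example; not tac_plus code."""
import re

# Constructed sample mirroring the thread's config with balanced braces.
# The password is a placeholder, not the hash from the post.
SAMPLE_CONFIG = """
group = admin {
    default service = permit
    service = shell {
        priv-lvl = 15
    }
}
user = user-15 {
    login = cleartext changeme
    member = admin
}
"""

# Constructed sample reproducing the brace errors of the posted config:
# no '{' after 'user = user-15' and one '}' too many.
POSTED_BROKEN = """
group = admin {
    default service = permit
    service = shell {
        priv-lvl = 15
    }
}
user = user-15
    login = cleartext changeme
    member = admin
}
}
"""

# 'key = value' optionally followed by '{' (key may contain spaces,
# e.g. 'default service').
LINE_RE = re.compile(r'^(.+?)\s*=\s*(.+?)\s*(\{)?\s*$')


def parse(text):
    """Parse 'key = value' lines and 'key = value {' blocks into nested dicts.
    Returns (tree, errors); brace problems are collected, not raised."""
    root, errors = {}, []
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line == '}':
            if len(stack) == 1:
                errors.append(f"line {lineno}: unexpected '}}'")
            else:
                stack.pop()
            continue
        m = LINE_RE.match(line)
        if not m:
            errors.append(f"line {lineno}: cannot parse {line!r}")
            continue
        key, value, opens = m.groups()
        if opens:
            container = stack[-1].get(key)
            if not isinstance(container, dict):
                container = stack[-1][key] = {}
            container[value] = {}
            stack.append(container[value])
        else:
            stack[-1][key] = value
    if len(stack) > 1:
        errors.append(f"{len(stack) - 1} unclosed block(s) at end of file")
    return root, errors


def _sub(node, key):
    """Return node[key] if it is a nested block, else an empty dict."""
    val = node.get(key) if isinstance(node, dict) else None
    return val if isinstance(val, dict) else {}


def effective_priv(tree, username, service):
    """Follow the user's 'member' chain (tac_plus group inheritance) and
    return the first priv-lvl found for the given service, or None."""
    node = _sub(_sub(tree, 'user'), username) or None
    seen = set()
    while node is not None:
        svc = _sub(_sub(node, 'service'), service)
        if 'priv-lvl' in svc:
            return int(svc['priv-lvl'])
        group = node.get('member')
        if not isinstance(group, str) or group in seen:
            return None
        seen.add(group)
        node = _sub(_sub(tree, 'group'), group) or None
    return None


def lint(text):
    """Brace errors plus a finding for every user whose priv-lvl exists
    only under service=shell (the thread's routers use service=exec)."""
    tree, findings = parse(text)
    for username in _sub(tree, 'user'):
        shell = effective_priv(tree, username, 'shell')
        exec_ = effective_priv(tree, username, 'exec')
        if shell is not None and exec_ is None:
            findings.append(f"user {username}: priv-lvl {shell} is set only "
                            "under service=shell; nothing under service=exec")
    return findings


if __name__ == "__main__":
    for label, cfg in (("balanced", SAMPLE_CONFIG), ("as posted", POSTED_BROKEN)):
        print(f"== {label} ==")
        for finding in lint(cfg):
            print(" ", finding)
```

Run against the balanced sample it reports the shell-only priv-lvl for user-15; run against the config as posted it reports the two stray closing braces and, because `user = user-15` never opened a block, finds no users at all, which is the kind of silent misparse worth catching before a login test on the firewall.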

3 Replies

amritpatek
Level 6

What version of software are you running on the PIX device?

7.1(2)12. FYI, I got it working. I didn't realize that the priv-lvl does not work with the shell. I was able to enable into the PIX with the TACACS password, and my routers do the priv-lvl with service=exec.

Hi, I have the exact same issue that you've described, and it would be helpful if you could share the solution that worked for you: specifically, the tac_plus config you used to allow users to log into enable mode with their tac_plus credentials.

Thanks,

Matt