I'm trying to get Secure Copy (SCP) working to a Cisco switch configured to authenticate access via TACACS+ off Cisco ACS.
I've read the SCP documentation (http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b18.html) and enabled SSH and SCP as described. I can SSH into the switch without a problem.
However, when I try and use scp from a unix workstation to copy startup-config (scp firstname.lastname@example.org:nvram/startup-config startup-config) I get the error "Privilege denied."
I assume that this is because the user "craig" (configured in Cisco ACS) needs to "enable" to get to privilege 15 in order to access the file "nvram:startup-config".
The examples in the SCP configuration document use a local privilege 15 user (username superuser privilege 2 password 0 superpassword) which does not need to "enable".
How do you achieve this using Cisco ACS? I can't find anywhere in Cisco ACS to configure a user to have privilege 15 by default. Am I missing something?
Any help would be greatly appreciated.