Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 3.1 Failed Attempt

We have a PIX firewall with authorization configured on ACS 3.1 so that certain outside users only have web access to only one machine (cmd:http arguments: permit x.x.x.x). It works fine, however, when I look into my Failed Attempts I often get the message:

Authorization Failure Code: Service Denied

Authorization Data: service=shell cmd*

What is this message about? What does "cmd*" mean?

Thanks!

James

1 REPLY
Bronze

Re: ACS 3.1 Failed Attempt

I think the message simple means that the user is not authorised to do what he/she is trying to do. For example, a user might be trying to telnet to the router but is not authorized to do so.

126
Views
0
Helpful
1
Replies