direct enable mode access with the Help of ACS

jain.nitin
Level 3

Dear All, I am trying to set up a group which has priv 15 access & they should see enable mode after authentication via ACS; they should not be asked for the enable password. How can I do this? I am unable to do so. I tried it but it's not working. What I need is for ACS to assign priv level 15 to configured users. I don't want to use Shell command sets.

Same thing I need for ASA firewall as well..

Is there any way to achieve this?

4 Replies

Jagdeep Gambhir
Level 10

For IOS devices,

Router(config)# username [username] password [password]

tacacs-server host [ip]

tacacs-server key [key]

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ if-authenticated

On ACS

Bring users/groups in at level 15

1. Go to user or group setup in ACS

2. Drop down to "TACACS+ Settings"

3. Place a check in "Shell (Exec)"

4. Place a check in "Privilege level" and enter "15" in the adjacent field

This feature is not supported on ASA/firewalls.

Regards,

~JG

Do rate helpful posts

I tried this but it didn't work for me; see my config below on devices

aaa new-model

aaa group server tacacs+ bwaaa

server 10.2.6.1

server 10.2.6.2

ip tacacs source-interface Vlan1111

!

aaa authentication login aaa-list group bwaaa local

aaa authentication enable default group bwaaa enable

aaa authorization exec aaa-list group bwaaa local

aaa accounting exec aaa-list start-stop group bwaaa

aaa accounting commands 1 aaa-list start-stop group bwaaa

aaa accounting commands 15 aaa-list start-stop group bwaaa

aaa accounting system default start-stop group bwaaa

First try with simple vanilla config

tacacs-server key [key]

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ if-authenticated

If the issue is still there, get the debugs then

debug aaa authentication

debug aaa authorization

debug tacacs

Regards,

~JG

Hi, thanks, it worked with the default list but it is not working with my defined list. I don't know what's the reason behind that. Do you have any idea?
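
An added example, not part of the thread: on IOS a named method list takes effect only on lines that reference it, while the default list applies to any line with no explicit reference, so a line without exec authorization never receives the privilege level sent by ACS. The Python check below reports named login/exec lists that a line section never applies; the function name and the "line vty" sections in the sample are constructed for illustration, since the thread does not show the poster's line configuration.

```python
import re

# Constructed sample: AAA list definitions as posted in the thread, plus
# hypothetical "line vty" sections (the thread does not show them).
SAMPLE = """\
aaa new-model
aaa authentication login aaa-list group bwaaa local
aaa authentication enable default group bwaaa enable
aaa authorization exec aaa-list group bwaaa local
aaa accounting exec aaa-list start-stop group bwaaa
line vty 0 4
 login authentication aaa-list
line vty 5 15
 login authentication aaa-list
 authorization exec aaa-list
 accounting exec aaa-list
"""

# Global definition keyword -> the line sub-command that applies the list.
SERVICES = {
    "authentication login": "login authentication",
    "authorization exec": "authorization exec",
    "accounting exec": "accounting exec",
}
DEFINE = re.compile(r"^aaa (%s) (\S+) " % "|".join(SERVICES))

def unapplied_lists(config):
    """Return (line, sub-command, list) for named lists a line never references."""
    named, applied, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            applied[current] = set()
        elif raw[:1].isspace() and current:
            applied[current].add(" ".join(raw.split()))
        else:
            current = None  # back at global config level
            m = DEFINE.match(raw)
            if m and m.group(2) != "default":
                named.append((SERVICES[m.group(1)], m.group(2)))
    return [(line, cmd, name)
            for line, cmds in applied.items()
            for cmd, name in named
            if f"{cmd} {name}" not in cmds]

if __name__ == "__main__":
    for line, cmd, name in unapplied_lists(SAMPLE):
        print(f"{line}: missing '{cmd} {name}', default list (if any) applies")
```

Run against a saved running-config, each finding marks a line where the named list is defined globally but the line still uses the default list for that service, or none at all.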