11-30-2006 11:44 PM - edited 03-10-2019 02:51 PM
Hi!
I've already asked my question, how to get directly to enable mode after logging in to the FWSM via SSH, in the sub forum "general", but I'll try it again here.
I created some users with privilege level 15 that are able to log in to the FWSM via SSH. But after logging in, they are only in unprivileged mode (FWSM>). To get to enable mode (privileged mode), they have to type in "enable" and their password again. So I want to avoid that second step, so my users are in enable mode (FWSM#) straight after they log in via SSH.
Obviously it works when ACS/TACACS/RADIUS is used, due to the line "aaa authorization exec default group tacacs+ if-authenticated", as someone suggested in another posting here.
But does it also work when I just have a FWSM and its local user database?
Thanks,
Marco
12-06-2006 02:37 PM
Yes, "aaa authorization exec default group tacacs+ if-authenticated" will work.
01-15-2007 06:10 AM
What are the commands to jump directly into enable mode on the FWSM (without typing enable)?
I have the same problem.
Isn't "aaa authorization exec default group tacacs+ if-authenticated" for IOS devices?
Do you know the commands for FWSM?
So far I've been trying:
aaa authentication telnet console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authentication http console TACACS LOCAL
aaa authentication ssh console TACACS LOCAL
aaa accounting command TACACS
I had some tiny problems with the ACS server. I forgot to change the user configuration:
- Use Group Level TACACS+ Enable control
- Use Cisco Secure PAP password as TACACS+ Enable password.
I also have an issue logging in with users that should have a privilege level between 1 and 15.
I cannot type "enable 2" to jump into privilege level 2 (the FWSM says: not allowed when configured for aaa authentication).
When typing enable (and the ACS group settings say 2), I get the following error message on the ACS server:
T+ enable privilege to low
Have you encountered this problem also?
(BTW the ACS Config works with IOS devices)
Thanx Jarle
01-15-2007 08:07 AM
FWSM does not have exec authorization. The user cannot login to privilege level directly. They have to go through "enable".
Regards,
Vivek