02-03-2009 11:28 AM - edited 03-10-2019 04:19 PM
Hi,
We are using Cisco ACS version 4.2. In it I have around 150 NDG groups, and on the user side we have two groups, namely a read-only group and an administrator group.
Now the problem for me is that for a few of the NDG groups, read-only users require privilege 15 access.
Can somebody help me with how to do the configuration for this?
02-03-2009 12:03 PM
OK, first, in the Interface Configuration, make sure "Per-user TACACS+/RADIUS Attributes" is selected. Next, in each of the user configurations that require special privilege configuration, go to "Advanced TACACS+ Settings" and under "TACACS+ Enable Control:" select "Define max Privilege on a per network device group basis" and configure the privilege level with the appropriate NDG.
02-04-2009 02:15 AM
Hi,
Thanks for your quick reply.
I have done everything you mentioned, but I am still getting the error below.
Command authorization failed.
My existing configuration on the device is as follows:
APMPLSCR1#sh run | inc tacacs
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
ip tacacs source-interface GigabitEthernet0/0
tacacs-server host 100.6.5.44
tacacs-server timeout 15
tacacs-server key 7 09581A1D4D5514