09-14-2006 06:26 AM - edited 03-10-2019 02:45 PM
I am trying to allow specific users to have limited privileges when logging on to AAA clients. I have the authentication working, however I am unable to specify what commands they can use. I have tried using per-command authorization sets with no luck. Has anyone had any success with this?
09-18-2006 10:17 PM
Hi
I personally know of 100s of customers who use this feature. So yes it does work.
Can you provide any more info?
10-11-2006 09:33 AM
My experience with tacacs command authorization is that once you give up "conf t" that's it, you've given them everything. Tac seems unable to delve further down the command chain than one level, so you can choose to allow "conf net" instead, but anything beyond that and your configuration is irrelevant.
12-05-2006 05:14 AM
Hi Rookie,
Try it like this; it will help you:
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ group windows-users local
aaa accounting exec default start-stop group tacacs+
Regards,
Arun
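An added example, not part of the original post or of any Cisco tool: a small Python audit that reads the AAA lines from the post above and reports which privilege levels have an `aaa authorization commands` method list, the method order for each, and whether the `aaa authorization config-commands` line is present. The function names and the report keys are hypothetical.

```python
import re

# AAA lines from the post above, used as sample input.
SAMPLE_CONFIG = """\
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ group windows-users local
aaa accounting exec default start-stop group tacacs+
"""

CMD_LINE = re.compile(r"^aaa authorization commands (\d+) (\S+) (.+)$")


def parse_methods(text):
    """Split 'group tacacs+ group x local' into ordered methods."""
    tokens, methods, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit(config):
    """Summarise command-authorization coverage in a config excerpt (hypothetical helper)."""
    levels, config_commands = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "aaa authorization config-commands":
            config_commands = True
        match = CMD_LINE.match(line)
        if match:
            level, list_name, methods = match.groups()
            levels.setdefault(int(level), {})[list_name] = parse_methods(methods)
    return {
        "levels": levels,
        "config_commands_line": config_commands,
        # Privilege levels 0-15 with no 'aaa authorization commands' line at all.
        "uncovered_levels": [n for n in range(16) if n not in levels],
        # Lists ending in 'none' grant the command when earlier methods return an error.
        "none_fallback": sorted((n, name) for n, lists in levels.items()
                                for name, m in lists.items() if m[-1] == "none"),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(key, "=", value)
```

Run against the posted lines, the report shows method lists for levels 1 and 15 only, so commands moved to a custom privilege level would have no authorization list of their own.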
12-05-2006 09:48 AM
Try the following whitepaper:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080088893.shtml