
Using TACACS+ Authorization

juniorrookie
Level 1

I am trying to allow specific users to have limited privileges when logging on to AAA clients. I have the authentication working; however, I am unable to specify what commands they can use. I have tried using per-command authorization sets with no luck. Has anyone had any success with this?

4 Replies

darpotter
Level 5

Hi

I personally know of 100s of customers who use this feature. So yes it does work.

Can you provide any more info?

My experience with tacacs command authorization is that once you give up "conf t" that's it, you've given them everything. Tac seems unable to delve further down the command chain than one level, so you can choose to allow "conf net" instead, but anything beyond that and your configuration is irrelevant.

rajakumar.P
Level 1

Hi Rookie,

Try it like this; it will help you:

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ group windows-users local

aaa accounting exec default start-stop group tacacs+

Regards,

Arun