ASA User Privileges

I'm running 9.1.4 on an ASA 5540.

I'm trying to set up a separate privilege level so my rancid system can log in and get the configuration, but can't actually change anything. I've put the following commands into the ASA config:

aaa authorization command LOCAL

username rancid password ... encrypted privilege 4

privilege show level 4 mode exec command running-config

privilege show level 4 mode exec command curpriv

But when I log in as user rancid, I get no "show" command available to me.

What have I done wrong?

Thanks,

GTG

Please rate all helpful posts.
4 REPLIES

ASA User Privileges

GTG-

Are you in exec mode? Have you tried a show run even though it doesn't show up?

ASA User Privileges

Type help or '?' for a list of available commands.

asa-1/act>

asa-1/act> show run

                      ^

ERROR: % Invalid input detected at '^' marker.

ERROR: Command authorization failed

asa-1/act> show curpriv

                       ^

ERROR: % Invalid input detected at '^' marker.

asa-1/act>

:-(

Please rate all helpful posts.

ASA User Privileges

Can you add an enable password to level 4-

enable password R@nCiDPaSsW0rD level 4

Once rancid logs in, can you type enable 4 and see if the commands work?

ASA User Privileges

That works a treat.

Just to tell rancid to only try level 4.

Thanks,

GTG

Please rate all helpful posts.
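An added example, not written by anyone in the thread: a small Python audit of a saved ASA configuration that reports, for each local user below level 15, whether an enable password exists for that user's level (the fix the thread arrived at) and which explicitly assigned commands the level can reach. The sample config, the `backup` user and the `audit` function are constructed for illustration, and the example assumes a user can also run commands assigned to lower levels.

```python
import json
import re
from collections import defaultdict

# Constructed sample config modeled on the thread; hashes are placeholders.
SAMPLE_CONFIG = """\
aaa authorization command LOCAL
enable password PLACEHOLDER level 4 encrypted
username rancid password PLACEHOLDER encrypted privilege 4
username backup password PLACEHOLDER encrypted privilege 5
privilege show level 4 mode exec command running-config
privilege show level 4 mode exec command curpriv
privilege cmd level 5 mode exec command ping
"""

USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)\s*$")
ENABLE_RE = re.compile(r"^enable password \S+(?: level (\d+))?")
PRIV_RE = re.compile(r"^privilege (show|clear|cmd) level (\d+) mode (\S+) command (.+?)\s*$")

def audit(config: str) -> dict:
    """Report what each non-admin local user is allowed to run (hypothetical helper)."""
    users, enable_levels, grants = {}, set(), defaultdict(list)
    local_authz = False
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "aaa authorization command LOCAL":
            local_authz = True
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := ENABLE_RE.match(line):
            # An enable password without the "level" keyword is the level-15 one.
            enable_levels.add(int(m.group(1) or 15))
        elif m := PRIV_RE.match(line):
            grants[int(m.group(2))].append((m.group(1), m.group(4)))
    report = {"local_command_authorization": local_authz, "users": {}}
    for name, level in users.items():
        if level >= 15:
            continue
        # Assumption: levels are cumulative; only explicit "privilege" lines are listed.
        allowed = [g for lvl in sorted(grants) if lvl <= level for g in grants[lvl]]
        report["users"][name] = {
            "level": level,
            "enable_password_for_level": level in enable_levels,
            "commands": [f"{kind} {cmd}" for kind, cmd in allowed],
            "read_only": all(kind == "show" for kind, _ in allowed),
        }
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_CONFIG), indent=2))
```

A collection account such as `rancid` should come out with `read_only` true and `enable_password_for_level` true; anything else is worth reviewing before the account is put into use.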