Using IAS radius for authentication

Hello,

I have managed to set up our routers so they use my Active Directory user account to log on. I followed these instructions:

http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/

These instructions give me privilege 15. Does anyone know how I can give, say, privilege 4 to another user?

Thanks

4 REPLIES

Re: Using IAS radius for authentication

Hi,

Check out the below link for IAS radius configuration

http://www.tech-recipes.com/rx/1478/how-to-setup-ias-to-use-radius-to-authenticate-cisco-device/

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Community Member

Re: Using IAS radius for authentication

Thanks, I have followed that and although I can log on, it seems that I get Priv 15 for both. Do I have to do anything on the routers to divide priv 1? I logged in using a priv 1 account and I could rename the router and write to the startup config. I don't think a priv 1 user could do that?

Thanks

Re: Using IAS radius for authentication

Try changing shell:priv-lvl=15 to shell:priv-lvl=1 and then check whether you are able to log in to your router with privilege 1 access or not!

Hope to help !!

Ganesh.H

Remember to rate the helpful post

Re: Using IAS radius for authentication

While you're logged in, do a "show priv". It will show you what your current privilege level is.

I don't know about IAS, but I use Steel Belted, and I can set up individual user accounts to be passed a certain privilege level. For example, if I have two users:

Bob: Priv 2

Mary: Priv 3

Supervisor: Priv 15

In their account on the radius server, I would set them up as individual accounts (or link them in AD), and then set their return attribute to shell:priv-lvl=2, 3, or 15 respectively for the user. Then when they log into the router, they'd be at that level.

You do have to set up your privilege levels on the router though. If you don't want "show run" to run at say privilege 3, then move "show run" to privilege 4. It's a beating, but it'll be worth it in the end.

HTH,

John
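The router side of what this reply describes, as an added example that is not part of the original thread or the linked guides. The server address, shared secret and the particular commands moved to level 4 are placeholders and assumptions; the RADIUS server is assumed to return shell:priv-lvl in a Cisco-AV-Pair attribute as discussed above.

```cisco
! Added example, not from the thread. 192.0.2.10 and <shared-secret> are placeholders.
aaa new-model
!
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! Authenticate logins against RADIUS; fall back to local accounts only if
! the server is unreachable, so keep one local user for break-glass access.
aaa authentication login default group radius local
!
! Exec authorization makes the router apply the shell:priv-lvl value
! returned by the server. With authentication alone the attribute is
! ignored and the session gets whatever level the line is configured for.
aaa authorization exec default group radius local
!
! Per-level command assignment. The example from the reply above:
! "show run" is moved to level 4 so level 3 users cannot run it.
privilege exec level 4 show running-config
!
! Assumed example of delegating a narrow task to level 4:
! allow interface shutdown / no shutdown and nothing else in config mode.
privilege exec level 4 configure terminal
privilege configure level 4 interface
privilege interface level 4 shutdown
privilege interface level 4 no shutdown
!
! Verification, run from a session logged in as each test user:
!   show privilege
! A user whose RADIUS profile returns shell:priv-lvl=4 should report
! "Current privilege level is 4" and be refused level 15 commands such as
! "hostname" or "write memory".
```

Test each profile from a second session before closing the one you configured from, so a mistake in the method lists does not lock you out.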
