Cisco Support Community
Community Member

tacacs+ w/ PIX firewall

Using tac_plus I have a definition for service=shell and priv-lvl 15. Can't figure out why my user doesn't get that priv level when authenticating; it only logs the user in at:

Firewall> sh curpriv
Username : user-15
Current privilege level : 1
Current Mode/s : P_UNPR

#### on TACACS ####
group = admin {
    default service = permit
    service = shell {
        priv-lvl = 15
    }
}
user = user-15 {
    login = des REEU@#@#RWD
    member = admin
}

#### on Firewall ####
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (outside) host X.X.X.X
  key ******
  server-port XXX
aaa authentication ssh console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authorization command TACACS+ LOCAL

3 REPLIES
Silver

Re: tacacs+ w/ PIX firewall

What version of software are you running in the PIX device?

Community Member

Re: tacacs+ w/ PIX firewall

7.1(2)12. FYI, I got it working. Didn't realize that the priv-lvl does not work with the shell. I was able to enable into the PIX with the TACACS password, and my routers do the priv-lvl with service=exec.
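The group membership in the original post's tac_plus config is what makes the server hand `priv-lvl = 15` to any device asking for service=shell; the reply above reports that the PIX ignores that value, so confirming what the server would actually return is a useful first step when debugging this. The reader below is an added example, not tac_plus code or anything from the thread; it resolves a user's effective attributes through `member =` and rejects the unbalanced braces that appeared in the posted config (the DES hash is a placeholder).

```python
import re  # added example; the config below is constructed from the thread, hash is a placeholder
TAC_PLUS_CONF = """
group = admin {
    default service = permit
    service = shell {
        priv-lvl = 15
    }
}
user = user-15 {
    login = des PLACEHOLDER_HASH
    member = admin
}
"""

def parse(text):
    """Nested blocks {'attrs': {k: v}, 'blocks': {(kind, name): node}}; unbalanced braces raise."""
    root = {"attrs": {}, "blocks": {}}
    stack = [root]
    for line in filter(None, (raw.split("#", 1)[0].strip() for raw in text.splitlines())):
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unexpected '}'")
            stack.pop()
            continue
        m = re.match(r"^(.+?)\s*=\s*(.*?)\s*(\{)?$", line)
        if not m:
            raise ValueError("cannot parse: " + line)
        if m.group(3):  # block opener such as 'service = shell {'
            node = {"attrs": {}, "blocks": {}}
            stack[-1]["blocks"][(m.group(1), m.group(2))] = node
            stack.append(node)
        else:  # plain attribute such as 'priv-lvl = 15'
            stack[-1]["attrs"][m.group(1)] = m.group(2)
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root

def resolve(root, kind, name, seen=()):
    """Own attrs/blocks first, then those inherited from the 'member =' group (recursively)."""
    node = root["blocks"][(kind, name)]
    attrs, blocks = dict(node["attrs"]), dict(node["blocks"])
    parent = attrs.get("member")
    if parent and parent not in seen:
        p_attrs, p_blocks = resolve(root, "group", parent, seen + (parent,))
        attrs, blocks = {**p_attrs, **attrs}, {**p_blocks, **blocks}
    return attrs, blocks

def shell_priv_lvl(root, username):  # priv-lvl tac_plus would send for service=shell, or None
    shell = resolve(root, "user", username)[1].get(("service", "shell"))
    return int(shell["attrs"]["priv-lvl"]) if shell and "priv-lvl" in shell["attrs"] else None
```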

Community Member

Re: tacacs+ w/ PIX firewall

Hi, I have the exact same issues that you've described, and it would be helpful if you can share the solution that worked for you. Specifically, the tac_plus config you used to allow users to log into enable mode with their tac_plus credentials.

Thanks,

Matt
