
ASA User Privileges

Gordon Ross
Level 9

I'm running 9.1.4 on an ASA 5540.

I'm trying to set up a separate privilege level so my rancid system can log in and get the configuration, but can't actually change anything. I've put the following commands into the ASA config:

aaa authorization command LOCAL

username rancid password ... encrypted privilege 4

privilege show level 4 mode exec command running-config

privilege show level 4 mode exec command curpriv

But when I log in as user rancid, I get no "show" command available to me.

What have I done wrong?

Thanks,

GTG

Please rate all helpful posts.

Collin Clark
VIP Alumni

GTG-

Are you in exec mode? Have you tried a show run even though it doesn't show up?

Type help or '?' for a list of available commands.

asa-1/act>

asa-1/act> show run

                      ^

ERROR: % Invalid input detected at '^' marker.

ERROR: Command authorization failed

asa-1/act> show curpriv

                       ^

ERROR: % Invalid input detected at '^' marker.

asa-1/act>

:-(

Please rate all helpful posts.

Can you add an enable password to level 4-

enable password R@nCiDPaSsW0rD level 4

Once rancid logs in, can you type enable 4 and see if the commands work?

That works a treat.

Just to tell rancid to only try level 4.

Thanks,

GTG

Please rate all helpful posts.
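
An added example, not written by anyone in this thread and not Cisco code: a small Python check over a saved ASA configuration that flags restricted users missing any of the three pieces this thread ended up needing (local command authorization, an enable password at the user's level, and privilege lines at that level). The sample config is constructed, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample config, modelled on the commands quoted in the thread.
SAMPLE_CONFIG = """\
aaa authorization command LOCAL
enable password PLACEHOLDER level 4
username rancid password PLACEHOLDER encrypted privilege 4
username admin password PLACEHOLDER encrypted privilege 15
username audit password PLACEHOLDER encrypted privilege 6
privilege show level 4 mode exec command running-config
privilege show level 4 mode exec command curpriv
"""

USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)\s*$")
ENABLE_RE = re.compile(r"^enable password \S+(?: level (\d+))?")
PRIV_RE = re.compile(r"^privilege (?:\S+ )?level (\d+) .*\bcommand (.+)$")

def audit(config):
    """Return {username: [findings]} for every user below privilege 15."""
    users, enable_levels, cmds = {}, set(), {}
    cmd_authz = False
    for line in map(str.strip, config.splitlines()):
        if line == "aaa authorization command LOCAL":
            cmd_authz = True
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := ENABLE_RE.match(line):
            # Assumption: an enable password with no 'level' applies to level 15.
            enable_levels.add(int(m.group(1) or 15))
        elif m := PRIV_RE.match(line):
            cmds.setdefault(int(m.group(1)), []).append(m.group(2))
    report = {}
    for name, level in users.items():
        if level >= 15:  # full-privilege accounts are out of scope here
            continue
        findings = []
        if not cmd_authz:
            findings.append("'aaa authorization command LOCAL' is missing")
        if level not in enable_levels:
            findings.append(f"no 'enable password ... level {level}' line")
        if not cmds.get(level):
            findings.append(f"no 'privilege ... level {level}' lines")
        report[name] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_CONFIG).items():
        print(user, "OK" if not findings else findings)
```

An empty findings list means the account has the same three pieces the rancid user had once `enable 4` worked; it does not check which commands the level exposes.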