09-19-2013 02:57 AM - edited 02-21-2020 04:59 AM
Hi,
We have two AD groups, one group for network admins and one for systems admins. The network admins will get priv lvl 15, the other priv lvl 3.
This is the configuration that I use:
```
TestASA# sh run ldap attribute-map test4
map-name comment Privilege-Level
map-value comment fw-ro 5
map-value comment fw-rw 15
map-name memberOf IETF-Radius-Service-Type
map-value memberOf "cn=sec-FW-Admin,OU=Security Groups,DC=802101,DC=local" 6
map-value memberOf "cn=sec-fw-ro,OU=Security Groups,DC=802101,DC=local" 5
```
The users in both groups can log in via SSH and ASDM, but all users get the same rights, priv lvl 15.
Does anybody have an idea?
10-01-2013 05:58 PM
You need to visit the link below to configure the ASA for read-only access and admin access. Not sure if you have already gone through it.
https://supportforums.cisco.com/docs/DOC-33843
~BR
Jatin Katyal
**Do rate helpful posts**
10-07-2013 03:30 AM
Thank you Jatin Katyal,
The document was helpful, but the point is not in the document.
It is important to set "Enable authorization for ASA command access" to Enable and click on the "Set ASDM Define User Roles..." button.
greets
Markus Thun
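A configuration check for the situation in this thread, added here as an example and not written by any poster or by Cisco: it flags an LDAP attribute map that assigns different Privilege-Level values while command authorization is not enabled. It assumes the ASDM setting named above shows up in the running config as an `aaa authorization command ...` line; the sample config and the server group name `LDAP_SRV` are constructed.

```python
import re

# Assumption: ASDM's "Enable authorization for ASA command access" is written
# to the running config as an "aaa authorization command <group>" line.
CMD_AUTHZ = re.compile(r"^aaa authorization command\s+\S+", re.M)
MAP_VALUE = re.compile(r'map-value\s+(\S+)\s+(".*?"|\S+)\s+(\d+)$')

def privilege_maps(config):
    """Return {map: {ldap_value: level}} for attributes mapped to Privilege-Level."""
    maps, current, priv_attrs = {}, None, set()
    for raw in config.splitlines():
        line = raw.strip()
        parts = line.split()
        if line.startswith("ldap attribute-map ") and len(parts) == 3:
            current, priv_attrs = parts[2], set()
        elif current and line.startswith("map-name ") and len(parts) == 3:
            if parts[2] == "Privilege-Level":
                priv_attrs.add(parts[1])
                maps.setdefault(current, {})
        elif current and line.startswith("map-value "):
            m = MAP_VALUE.match(line)
            if m and m.group(1) in priv_attrs:
                maps[current][m.group(2).strip('"')] = int(m.group(3))
        elif line and not raw.startswith(" "):
            current = None  # any other top-level command ends the map block
    return maps

def audit(config):
    """List findings for privilege mappings that the config does not back up."""
    findings = []
    enforced = bool(CMD_AUTHZ.search(config))
    for name, levels in privilege_maps(config).items():
        for value, lvl in levels.items():
            if lvl > 15:
                findings.append(f"{name}: {value} maps to invalid level {lvl}")
        distinct = sorted(set(levels.values()))
        if len(distinct) > 1 and not enforced:
            findings.append(f"{name}: assigns levels {distinct} "
                            "but command authorization is not enabled")
    return findings

# Constructed sample modelled on the map posted in the thread.
BEFORE = """ldap attribute-map test4
  map-name  comment Privilege-Level
  map-value comment fw-ro 5
  map-value comment fw-rw 15
  map-name  memberOf IETF-Radius-Service-Type
  map-value memberOf "cn=sec-fw-ro,OU=Security Groups,DC=802101,DC=local" 5
aaa authentication ssh console LDAP_SRV LOCAL
"""
AFTER = BEFORE + "aaa authorization command LOCAL\n"
```

`audit(BEFORE)` returns one finding for `test4`; `audit(AFTER)` returns none.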