Re: Local Authorization V/S TACACS authorization.

From: Kal Han (calikali2006@gmail.com)
Date: Thu Jan 11 2007 - 15:26:28 ART

• Next message: Duncan Maccubbin: "Re: Netmaster Bootcamp - Need help"
• Previous message: David Prall: "RE: Dell Network Engineer positions"
• Maybe in reply to: V Shekhar: "Local Authorization V/S TACACS authorization."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You need to enable shell authorization on ACS, for that user
or group if you want these setting for the whole group.
Try this:
Under the TACACS options,
check the "shell" ( checkbox )
and under the same set of options,
in the "privilege" text field enter the value-> 5

after that, when user enters username/password
he will be directly land on exec shell with privilege 5.

Thats all you are missing.

Thanks
Kal

On 1/11/07, V Shekhar <vshekhar25@yahoo.com> wrote:
>
> Thanx to Ivan for pointing a TYPO .PLease disregard my prev post The
> corrected version is below:
> I have noticed one thing that is.
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Case 1: Local authorization.
>
>
> aaa authentication login VTY_AUTH_LOCAL local
>
>
> aaa authorization exec VTY_AUTHOR_LOCAL local
>
>
> username USER5 password PASS5
> username USER5 priviledge 5
>
> line vty 0 4
> login authentication VTY_AUTH_LOCAL
> authorization exec VTY_AUTHOR_LOCAL
>
> when USER5 telnets to the router he is in privilegde leve 5 directly.
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Case 2 Remote authorization
>
> aaa authentication login VTY_AUTH_TAC group tacacs+
>
> aaa authorization exec VTY_AUTHOR_TAC group tacacs+
>
> tacacs-server host x.x.x.x key SECRET
>
>
>
> line vty 0 4
>
> login authentication VTY_AUTH_TAC
>
> authorization exec VTY_AUTHOR_TAC
>
>
> user5 created on ACS with "MAX PRIV=5"
>
> when USER5 logs into the router he is initially @ a priv level1 he needs
> to issue "en 5" to move to priv level5
>
> why is this diff? is ther a way to land the user to priov level 5
> directly?
>
>
>
> Thanx,
> -sHekHar.
> CCSP/CISSP/RHCE.
>
>
>
>
>
>
>
>
> ____________________________________________________________________________________
> Want to start your own business?
> Learn how on Yahoo! Small Business.
> http://smallbusiness.yahoo.com/r-index
>
>
>
>
>
>
>
>
> ____________________________________________________________________________________
> Do you Yahoo!?
> Everyone is raving about the all-new Yahoo! Mail beta.
> http://new.mail.yahoo.com

• Next message: Duncan Maccubbin: "Re: Netmaster Bootcamp - Need help"
• Previous message: David Prall: "RE: Dell Network Engineer positions"
• Maybe in reply to: V Shekhar: "Local Authorization V/S TACACS authorization."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:56 ART