Hi,<br><br>Here is my tac_plus config... How do I modify the privilege level on H3C?<br><br>user = vetoll {<br> login = PAM<br> member = lab<br> maxsess = 10<br>}<br><br><br>#LAB Group<br>group = lab {<br>
default service = permit<br> service = exec {<br> priv-lvl=15<br> }<br>}<br><br><br>This is my debug from the H3C switch... my user just fails to login.<br><br>
*May 2 12:42:22:696 2000 H3C.Linux.Core TAC/7/Event: Create HWTACACS authentication request packet success<br>*May 2 12:42:22:698 2000 H3C.Linux.Core TAC/7/Event:<br>TAC_MESSAGE for AAA->TAC:<br>*May 2 12:42:22:699 2000 H3C.Linux.Core TAC/7/Event:<br>
TAC_MESSAGE for AAA->TAC:<br>UserID=50 PacketType=3 AuthenType=1<br>AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0<br>UserName=vetoll@lab.test PortName=vty1 RemAddress=10.0.0.5<br>UserMsg= DataMsg=<br><br>
*May 2 12:42:22:741 2000 H3C.Linux.Core TAC/7/Event:<br>TAC_MESSAGE for AAA->TAC:<br>*May 2 12:42:22:743 2000 H3C.Linux.Core TAC/7/Event:<br>TAC_MESSAGE for AAA->TAC:<br>UserID=50 PacketType=3 AuthenType=1<br>AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0<br>
UserName=vetoll@lab.test PortName=vty1 RemAddress=10.0.0.5<br>UserMsg= DataMsg=<br><br>*May 2 12:42:22:744 2000 H3C.Linux.Core TAC/7/Event: Successfully found the FIB information for the server (Server IP: 10.200.159.251, VPN index: 0).<br>
*May 2 12:42:22:745 2000 H3C.Linux.Core TAC/7/Event: Got nas-ip 10.0.0.3 and VPN 0 of server 10.200.159.251.<br>*May 2 12:42:22:746 2000 H3C.Linux.Core TAC/7/Event: Successfully set socket VPN attribute (VPN index: 0).<br>
*May 2 12:42:22:748 2000 H3C.Linux.Core TAC/7/Event:<br> hwtacacs create new session :<br> session id: 24107, user id: 50, server ip: 10.200.159.251<br>*May 2 12:42:22:749 2000 H3C.Linux.Core TAC/7/Event:<br>version:c0 type:AUTHEN_REQUEST<br>
seq_no:1 flag:ENCRYPTED_FLAG<br>session_id:5e2b length:42<br>action:AUTHEN_LOGIN priv_lvl:VISIT authen_type:AUTHEN_TYPE_ASCII<br>service:AUTHEN_SVC_LOGIN<br>user len:22 port len:4 rem_addr len:8 data len:0<br>
user name:vetoll@lab.test port:vty1 rem_addr:10.0.0.5 data:<br><br>*May 2 12:42:22:750 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff<br>*May 2 12:42:22:843 2000 H3C.Linux.Core TAC/7/Event:<br>
hwtacacs packet sending success!<br> version:c0 type:01 sequence:01 flag:00 session id:24107 length:42<br>*May 2 12:42:22:844 2000 H3C.Linux.Core TAC/7/Event: Authentication sending(Result = 0)<br>*May 2 12:42:23:145 2000 H3C.Linux.Core TAC/7/Event:<br>
version:c0 type:AUTHEN_REPLY<br>seq_no:2 flag:ENCRYPTED_FLAG<br>session_id:5e2b length:16<br>status:AUTHEN_STATUS_GETPASS flag:REPLY_FLAG_NOECHO<br>server_msg len:10 data len:0<br>server_msg:Password: data:<br><br>
*May 2 12:42:23:146 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:2, server flag: 0,packet flag:0x5<br>*May 2 12:42:23:147 2000 H3C.Linux.Core TAC/7/Event:<br>version:c0 type:AUTHEN_CONTINUE<br>seq_no:3 flag:ENCRYPTED_FLAG<br>
session_id:5e2b length:15<br>user_msg len:****** data len:0 flag:0<br>user_msg:******<br>data:<br><br>*May 2 12:42:23:148 2000 H3C.Linux.Core TAC/7/Event:<br> hwtacacs packet sending success!<br> version:c0 type:01 sequence:03 flag:00 session id:24107 length:15<br>
*May 2 12:42:23:150 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff<br>*May 2 12:42:23:151 2000 H3C.Linux.Core TAC/7/Event: Authentication sending(Result = 0)<br>*May 2 12:42:23:246 2000 H3C.Linux.Core TAC/7/Event:<br>
version:c0 type:AUTHEN_REPLY<br>seq_no:4 flag:ENCRYPTED_FLAG<br>session_id:5e2b length:6<br>status:AUTHEN_STATUS_FAIL flag:REPLY_FLAG_ECHO<br>server_msg len:0 data len:0<br>server_msg: data:<br><br>*May 2 12:42:23:247 2000 H3C.Linux.Core TAC/7/Event:<br>
TAC_MESSAGE for TAC->AAA:<br>*May 2 12:42:23:249 2000 H3C.Linux.Core TAC/7/Event:<br>TAC_MESSAGE for TAC->AAA:<br>ulUserID=50<br>ucTACTemplateNO=0<br>ucflag=2<br>Echo=0<br>ServerMsg=<br><br>*May 2 12:42:23:250 2000 H3C.Linux.Core TAC/7/Event: statistic: transmit flag:2, server flag: 0,packet flag:0x2<br>
*May 2 12:42:23:251 2000 H3C.Linux.Core TAC/7/Event:<br> hwtacacs session is deleted due to finishing session:<br> session id: 24107, user id: 50, server ip: 10.200.159.251<br><br><br>Thanks!!<br>