[tac_plus] Access directly to enable mode
luismi
asturluismi at gmail.com
Wed Apr 8 15:39:39 UTC 2009
Hi all,
I have configured here:
aaa new-model
aaa group server tacacs+ tac-plus
aaa authentication attempts login 2
aaa authentication login default group tac-plus local-case
aaa authentication login console group tac-plus local-case
aaa authorization console
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa authorization network default group tac-plus local
aaa accounting send stop-record authentication failure vrf Gestion
aaa accounting suppress null-username
aaa accounting update newinfo periodic 1440
aaa accounting exec default start-stop group tac-plus
aaa accounting commands 0 default start-stop group tac-plus
aaa accounting commands 1 default start-stop group tac-plus
aaa accounting commands 15 default start-stop group tac-plus
aaa accounting network default start-stop group tac-plus
aaa accounting connection default start-stop group tac-plus
aaa accounting system default start-stop group tac-plus
aaa session-id common
and on the tacacs side...
user = userXXX {
    name = "the USERXXX"
    service = exec {
        priv_lvl = 15
    }
    login = des AABBCCDD
}
It works because I am able to log in to the router, but I also need to
do enable to get access to the # prompt, and I want to avoid it.
Any idea?