[tac_plus] Re: I Want Privilege Level Control
John Payne
john at sackheads.org
Mon Aug 3 15:34:30 UTC 2009
On Jul 31, 2009, at 11:42 PM, kkokdae at gmail.com wrote:
> Cisco 2950 <-> Fedora Core 9(tacacs server)
>
> I Want Privilege Level Control
>
> [tac_plus.cfg]
> default authentication = pam pap
>
> user = asd {
> login = cleartext "asd"
> service = exec {
> priv-lvl = 15
> }
> }
>
> [switch config]
> aaa authentication login default group tacacs+ local
> aaa authorization exec default group tacacs+
> aaa authorization commands 15 defauolt group tacacs+
>
>
> switch from the login was successful.
> but, does not apply to the privilege level.
> Help me...
aaa authentication enable default group tacacs+ enable none
You might also want:
aaa authorization config-commands
to do per command authorization
More information about the tac_plus
mailing list