  1. Senior Member sucanushie's Avatar
    #1

    Read only ASDM with Tacacs+

    I'm trying to give access to some users on my ASAs via Tacacs+ on our ACS.

    On the ACS I did the following:

    - Added ASA to the ACS
    - Created User
    - Created Shell profile giving Priv 5
    - Created a command set for all commands
    - Created auth profile for said user with the shell profile and the all-commands command set.

    On the ASA I set up AAA authentication and authorization for HTTP, then used the predefined user roles, which set Priv 5 as read only.

    When I log in I can make changes on the config menu.

    If I change the AAA to the local DB and create a user with Priv 5 it works as expected. I can get to the config menu but when I apply changes it says I don't have rights to do so.

    When I do a curpriv from ASDM on both the local account and the Tacacs account, they show as priv level 5.

    I'm not sure what I'm missing.

  2. Network Engineer Hondabuff's Avatar
    #2
    Have you tried using this line yet?
    aaa authorization exec default group tacacs+ local