The ASA authorization is quite different and I don't find a doc explaining it completely.
I spent quite a long time to narrow down it's behavior. This is how it works but still I see issues. With ASA, even if you login using priv 15, it will land on exec mode only. Now, if you want a particular privilege level to be in effect, then you should use the enable and priv level or use login. login can be used with local database only. With tacacs, you should use enable. sol-lab-asa2> login sol-lab-asa2> enable <0-15> If you want to get prompt for username/password confgure "aaa authentication enable console" which disables the funtionality of enable command and prompts for credential. aaa authorization exec authentication-server aaa authorization command (tacacs group> Again, this is my findings. With regards Kings On Thu, Dec 16, 2010 at 9:35 PM, Osama Mustafa <[email protected]> wrote: > Working on Shell now When I read This : > > https://supportforums.cisco.com/docs/DOC-2947 > > I am confused now and I will try again, with my current IOS version with > this command > *aaa authorization exec authentication-server* > * * > Thanks Man, > > Osama > > On Thu, Dec 16, 2010 at 6:36 PM, Kingsley Charles < > [email protected]> wrote: > >> Are you referring to shell authorization or cut-through proxy >> authorization? >> >> Both worked for me. >> >> With regards >> Kings >> >> >> On Thu, Dec 16, 2010 at 7:48 PM, Osama Mustafa <[email protected]>wrote: >> >>> Thanks a lot, So Please Did you try to apply Authorization at ASA and >>> ACS . >>> >>> cause I Already tried and no luck. >>> >>> Regards, >>> >>> Osama >>> >>> >>> >>> On Thu, Dec 16, 2010 at 2:05 PM, Kingsley Charles < >>> [email protected]> wrote: >>> >>>> With both TACACS and RADIUS, Accouting and Authorization are >>>> independent, isnt it? >>>> >>>> With regards >>>> Kings >>>> >>>> On Thu, Dec 16, 2010 at 1:26 PM, Osama Mustafa >>>> <[email protected]>wrote: >>>> >>>>> Dears, >>>>> >>>>> Is it possible to Apply Accounting on ASA (5520 - v8.03) without >>>>> applying Authorization? >>>>> >>>>> And If I apply Authorization Connectivity to ASA it failed, Do >>>>> anybody apply it with TACACS+ at ACS 4.2 for ASA. >>>>> >>>>> Please I am waiting for your Help, >>>>> >>>>> Regards, >>>>> >>>>> Osama Al-Ajarmh, >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> For more information regarding industry leading CCIE Lab training, >>>>> please visit www.ipexpert.com >>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
