Thanks A Lot Mr. Kingsley you make the picture so much clear for me,
Appreciated your Help, Best Regards, Osama Al-Ajarmh On Fri, Dec 17, 2010 at 8:33 AM, Kingsley Charles < [email protected]> wrote: > The ASA authorization is quite different and I don't find a doc explaining > it completely. > > I spent quite a long time to narrow down it's behavior. This is how it > works but still I see issues. > > With ASA, even if you login using priv 15, it will land on exec mode only. > Now, if you want a particular privilege level to be in effect, then > you should use the enable and priv level or use login. login can be used > with local database only. > > With tacacs, you should use enable. > > sol-lab-asa2> login > sol-lab-asa2> enable <0-15> > > If you want to get prompt for username/password confgure "aaa > authentication enable console" which disables the funtionality of enable > command and prompts for credential. > > aaa authorization exec authentication-server > aaa authorization command (tacacs group> > > Again, this is my findings. > > > With regards > Kings > > > On Thu, Dec 16, 2010 at 9:35 PM, Osama Mustafa <[email protected]>wrote: > >> Working on Shell now When I read This : >> >> https://supportforums.cisco.com/docs/DOC-2947 >> >> I am confused now and I will try again, with my current IOS version with >> this command >> *aaa authorization exec authentication-server* >> * * >> Thanks Man, >> >> Osama >> >> On Thu, Dec 16, 2010 at 6:36 PM, Kingsley Charles < >> [email protected]> wrote: >> >>> Are you referring to shell authorization or cut-through proxy >>> authorization? >>> >>> Both worked for me. >>> >>> With regards >>> Kings >>> >>> >>> On Thu, Dec 16, 2010 at 7:48 PM, Osama Mustafa <[email protected]>wrote: >>> >>>> Thanks a lot, So Please Did you try to apply Authorization at ASA and >>>> ACS . >>>> >>>> cause I Already tried and no luck. >>>> >>>> Regards, >>>> >>>> Osama >>>> >>>> >>>> >>>> On Thu, Dec 16, 2010 at 2:05 PM, Kingsley Charles < >>>> [email protected]> wrote: >>>> >>>>> With both TACACS and RADIUS, Accouting and Authorization are >>>>> independent, isnt it? >>>>> >>>>> With regards >>>>> Kings >>>>> >>>>> On Thu, Dec 16, 2010 at 1:26 PM, Osama Mustafa >>>>> <[email protected]>wrote: >>>>> >>>>>> Dears, >>>>>> >>>>>> Is it possible to Apply Accounting on ASA (5520 - v8.03) without >>>>>> applying Authorization? >>>>>> >>>>>> And If I apply Authorization Connectivity to ASA it failed, Do >>>>>> anybody apply it with TACACS+ at ACS 4.2 for ASA. >>>>>> >>>>>> Please I am waiting for your Help, >>>>>> >>>>>> Regards, >>>>>> >>>>>> Osama Al-Ajarmh, >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> For more information regarding industry leading CCIE Lab training, >>>>>> please visit www.ipexpert.com >>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
