Hello, Piotr,

Yes, I had them enabled as follows below, and apparently the culprit was the ACS server. It miraculously started working after they rebooted it. Thanks anyway for looking into it.

aaa authorization commands 1 VTY-SSH group tacacs+ local
line vty 0 4
 authorization commands 1 VTY-SSH
 authorization commands 15 VTY-SSH
 authorization exec VTY-SSH
 login authentication VTY-SSH
line vty 5 15
 authorization commands 1 VTY-SSH
 authorization commands 15 VTY-SSH

Cheers,
Eugene

From: Piotr Kaluzny
Sent: Sunday, July 29, 2012 12:40 PM
To: Eugene Pefti
Subject: Re: [OSL | CCIE_Security] Commands authorization with TACACS

Eugene

Have you enabled cmd authorization for level 1 (globally and under VTY)?

Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

On Sun, Jul 29, 2012 at 9:06 PM, Eugene Pefti wrote:

Guys,
I'm pulling my hair out, not understanding why it happens. The user (priv 15) is assigned a set of commands which are as follows:

Show "permit ver" (no permit unmatched arguments)
Show "permit proc cpu" (no permit unmatched arguments)
Configure "permit terminal" (no permit unmatched arguments)
Interface (permit unmatched arguments)
Shutdown (permit unmatched args)
No "permit shutdown" (no permit unmatched arguments)

All required exec and commands authorization commands are configured and applied to VTY lines. When the user logs in via VTY he is perfectly able to run all show commands regardless of having only two show commands allowed. I don't understand what was the point of allowing only two priv 1 commands in the task for the user with priv 15. I see that all show commands are of priv 1 and they are allowed in TACACS administration.

Eugene

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
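
A simplified model of the behaviour discussed in this thread, added here as an illustration (it is not code from the thread, from Cisco ACS or from IOS): the device asks the TACACS+ server only about privilege levels that have command authorization enabled, and the server then evaluates the command set. Prefix matching of arguments, denial of commands missing from the set, the sample command lines and all function names are assumptions.

```python
# Simplified model (assumption), not Cisco ACS or IOS code. Argument rules are
# matched as token prefixes, a stand-in for the server's own pattern matching.
COMMAND_SET = {  # transcribed from the command set described in the thread
    "show":      {"rules": [("permit", "ver"), ("permit", "proc cpu")], "unmatched": False},
    "configure": {"rules": [("permit", "terminal")], "unmatched": False},
    "interface": {"rules": [], "unmatched": True},
    "shutdown":  {"rules": [], "unmatched": True},
    "no":        {"rules": [("permit", "shutdown")], "unmatched": False},
}

def args_match(pattern, args):
    """True when every pattern token is a prefix of the argument in the same position."""
    want = pattern.split()
    return len(args) >= len(want) and all(a.startswith(w) for w, a in zip(want, args))

def server_decision(command_line, command_set=COMMAND_SET):
    """Decision of the modelled TACACS+ server for one fully expanded command line."""
    cmd, *args = command_line.lower().split()
    entry = command_set.get(cmd)
    if entry is None:
        return "deny"  # assumption: commands absent from the set are denied
    for action, pattern in entry["rules"]:
        if args_match(pattern, args):
            return action
    # No argument rule matched: the "permit unmatched arguments" setting decides.
    return "permit" if entry["unmatched"] else "deny"

def device_decision(command_line, level, authz_levels):
    """What the user sees on the VTY. The server is consulted only for command
    levels covered by 'aaa authorization commands <level>' on that line."""
    if level not in authz_levels:
        return "permit (server not consulted)"
    return server_decision(command_line)

if __name__ == "__main__":
    # Constructed sample input: (command line, privilege level of the command).
    samples = [("show version", 1), ("show ip route", 1), ("configure terminal", 15)]
    for line, level in samples:
        for levels in ({15}, {1, 15}):
            print(f"{line!r:22} authz levels {sorted(levels)}: "
                  f"{device_decision(line, level, levels)}")
```

With only level 15 authorized, the level 1 `show ip route` never reaches the server and is allowed; with levels 1 and 15 both authorized, the command set denies it.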
