That's pretty cool... Free TACACS server!!! I have configured TACACS
before and yes we did have to put a login local option should the TACACS
server fail. I was just playing around with the privilege command. Thanks
for your help.

I have a Unix box at work. Can I download the TACACS software on it,
compile it and then use it on an NT 4.0 box? Any instructions/directions
that you can provide are highly appreciated.

 

>From: "Sean Young"
>Reply-To: "Sean Young"
>To: [EMAIL PROTECTED]
>Subject: RE: Privilege Level command driving me nuts!! [7:19158]
>Date: Sun, 9 Sep 2001 11:07:08 -0400
>
>Don't mess around with privilege level command. Jeff is correct in that
>you should build yourself a TACACS server (after all, it is free).
>Another thing, Authorization, does it ring a bell? Even with TACACS, one
>of the complaints that I've heard about customers is that somehow, if the
>router can NOT reach TACACS server, somehow you will have to configure
>local authorization (i.e. on the router) for this to work. If the router
>can reach TACACS server, authorization on TACACS server can provide very
>fine granular control over what a user can/can't do. Download the TACACS
>source code from Cisco website and compile it on a UNIX box and you will
>have a TACACS server to play with. It is very simple.
>
>From: "Jeff Chambers"
>Reply-To: "Jeff Chambers"
>To: [EMAIL PROTECTED]
>Subject: RE: Privilege Level command driving me nuts!! [7:19158]
>Date: Sun, 9 Sep 2001 02:00:50 -0400
>
>You can reset a command to its normal priv level using the format
>
>privilege exec reset put_the_entire_command_here
>
>Configuring privilege levels for commands on a router can be very
>frustrating. It also doesn't scale well in a medium to large network.
>The best production method I have found is to use TACACS. You can
>assign all users privilege level 15 and allow or deny commands at the
>user or group level. In my testing (it has been 9 months or so, this
>may have changed), the user must be at privilege level 15 in order to
>receive valid output from the show running-configuration command. It
>will return a blank configuration if the user is not at privilege level
>15.
>
>Jeff.
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cisco Nuts
>Sent: Sunday, September 09, 2001 12:59 AM
>To: [EMAIL PROTECTED]
>Subject: Privilege Level command driving me nuts!! [7:19158]
>
>Hi,
>
>I am trying to configure privilege exec level commands on my router
>but am going nuts at the output of these commands:
>
>Basically, here is what I have configured:
>
>#enable secret level 3 cisco
>!
>#privilege exec level 3 ping
>#privilege exec level 3 traceroute
>#privilege exec level 3 show ip route
>#privilege exec level 3 show startup-configuration
>#privilege exec level 3 show running-configuration
>!
>#
>
>When I do a log in using enable secret level 3, I can get the output of
>the #sh star command but not of the #sh ru command?
>
>Also, when I do a sh ru on the router using regular privilege
>level(15), I see 2 additional commands automatically configured for me:
>
>#privilege exec level 1 show
>#privilege exec level 1 show ip
>
>It will NOT let me remove these 2 commands nor will it let me change
>this to privilege level 3. Nor will it let me remove any individual
>commands!!
>
>What's going on? Any ideas? Thank you for your help.
>
>Kind regards.
>Nuts!!
>

------------------------------------------------------------------------

Get your FREE download of MSN Explorer at http://explorer.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19184&t=19158
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
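
The setup the replies describe (TACACS+ deciding login and per-command authorization, with the router's local database as the fallback when the server cannot be reached), written out as an added example that is not part of the original thread. The server address, shared key, and local account name are constructed placeholders.

```cisco
! Added example, not from the thread. 192.0.2.10, the key and the
! local account below are placeholders.
aaa new-model
!
! Local account, used only when the TACACS+ server does not answer.
username fallback-admin privilege 15 secret <LOCAL_PASSWORD_PLACEHOLDER>
!
tacacs-server host 192.0.2.10
tacacs-server key <SHARED_KEY_PLACEHOLDER>
!
! Authentication: try TACACS+ first, then the local user database
! if the server is unreachable (the "login local" fallback).
aaa authentication login default group tacacs+ local
!
! Authorization: the server assigns the EXEC privilege level and
! permits or denies each level-1 and level-15 command per user or
! group. "local" is the fallback method when the server is down.
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! With command authorization on the server, the per-command
! overrides from the original question can be returned to their
! default levels, one "privilege exec reset" per command, e.g.:
!   privilege exec reset ping
!   privilege exec reset traceroute
```

Keep a console session open while applying the `aaa` lines: a wrong key or an unreachable server takes effect on the next login, and the local fallback account is what lets you back in.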
