Read only ASDM with Tacacs+

sucanushiesucanushie Posts: 163Member
I'm trying to give access to some users on my ASA's via Tacacs+ on our ACS

On the ACS I did the following

-Added ASA to the ACS
-Created User
-Created Shell profile giving Priv 5
-Created a command set for all commands
-Created auth profile for said user with the shell profile and all commands, command set.

On the ASA I set up AAA authentication and authorization for HTTP then used the predefined user roles which sets Priv 5 as read only.

When I log in I can make changes on the config menu.

If I change the AAA to the local DB and create a user with Priv 5 it works as expected. I can get to the config menu but when I apply changes it says I don't have rights to do so.

When I do a a curpriv from ASDM on both the local account and the tacacs account they show as priv level 5.

I'm not sure what I'm missing.

Comments

  • HondabuffHondabuff Posts: 667Member ■■■□□□□□□□
    Have you tried using this line yet?
    aaa authorization exec default group tacacs+ local
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
Sign In or Register to comment.