Read only ASDM with Tacacs+
sucanushie
Member Posts: 163
I'm trying to give access to some users on my ASAs via Tacacs+ on our ACS.
On the ACS I did the following:
-Added ASA to the ACS
-Created User
-Created Shell profile giving Priv 5
-Created a command set for all commands
-Created auth profile for said user with the shell profile and all commands, command set.
On the ASA I set up AAA authentication and authorization for HTTP then used the predefined user roles which sets Priv 5 as read only.
When I log in I can make changes on the config menu.
If I change the AAA to the local DB and create a user with Priv 5 it works as expected. I can get to the config menu but when I apply changes it says I don't have rights to do so.
When I do a curpriv from ASDM on both the local account and the tacacs account they show as priv level 5.
I'm not sure what I'm missing.
Comments
Hondabuff Member Posts: 667
Have you tried using this line yet?
aaa authorization exec default group tacacs+ local
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln