From: Michael Locke (mi_locke@xxxxxxxxx)
Date: Mon Aug 06 2001 - 01:52:41 GMT-3
Hi all,

I can't seem to get the privilege level thing to go my
way. Below is my config (with interfaces etc. left
out). I was trying to enable a lower privilege level
for a user and give me the ability to do show
commands, but it isn't working out. I have read the
doc CD about this 3 times because it seems quite easy
and straightforward, but I am obviously missing
something. Also, I re-read all the e-mails already in
this thread about this subject and am sorry for bringing
it back up. I started off trying this w/o using any
aaa commands and tried to implement 2 enable passwords
with different levels, but that didn't work either.

Thanks in advance,
michael

router#show run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
aaa new-model
aaa authentication login default local
enable secret level 5 5 $1$CYSj$AB2fAh5iniRXQ6dWNBZlA.
enable password c
!
username tom privilege 15 password 0 cat
username jerry privilege 5 password 0 mouse
ip subnet-zero
no ip domain-lookup
!
privilege exec level 5 show
!
line con 0
exec-timeout 0 0
password c
transport input none
line aux 0
exec-timeout 0 0
password c
line vty 0 4
exec-timeout 0 0
password c
!
no scheduler allocate
end
router#

So I log in with Jerry who should have level 5
access.

User Access Verification
Username: jerry
Password:
router>show privi
^
% Invalid input detected at '^' marker.
router>en ----- here I do go to enable mode w/ a
level 15 password
Password:
router#show privi
Current privilege level is 15

But also, I have a level 5 enable password defined
which the IOS converts automatically to an enable
secret:

enable secret level 5 5 $1$CYSj$AB2fAh5iniRXQ6dWNBZlA.

And when I try to use it I get:

router>en
Password:
% Access denied
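
An added example, not part of the original post or of any Cisco tooling: a Python sketch that parses the privilege-related lines of the configuration above and lists how each custom level is assigned and unlocked. It assumes the IOS defaults that a username without `privilege` is level 1 and that an enable password or secret without `level` applies to level 15; the function names are hypothetical.

```python
import re
# Privilege-related lines excerpted from the configuration posted above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
enable secret level 5 5 $1$CYSj$AB2fAh5iniRXQ6dWNBZlA.
enable password c
username tom privilege 15 password 0 cat
username jerry privilege 5 password 0 mouse
privilege exec level 5 show
"""

USER = re.compile(r"username (\S+)(?: privilege (\d+))?")
ENABLE = re.compile(r"enable (?:password|secret)(?: level (\d+))?")
PRIV = re.compile(r"privilege (\S+) level (\d+) (.+)")

def privilege_model(config):
    """Collect every statement that assigns or unlocks a privilege level."""
    model = {"users": {}, "enable_levels": set(), "commands": {},
             "aaa": False, "exec_authz": False}
    for line in map(str.strip, config.splitlines()):
        if m := USER.match(line):
            model["users"][m[1]] = int(m[2] or 1)        # assumed default user level: 1
        elif m := ENABLE.match(line):
            model["enable_levels"].add(int(m[1] or 15))  # no "level" keyword means 15
        elif m := PRIV.match(line):
            model["commands"][(m[1], m[3])] = int(m[2])  # (mode, command) -> level
        elif line == "aaa new-model":
            model["aaa"] = True
        elif line.startswith("aaa authorization exec "):
            model["exec_authz"] = True
    return model

def audit(config):
    """Return findings about how each custom level can actually be reached."""
    m, findings = privilege_model(config), []
    for (mode, cmd), level in sorted(m["commands"].items()):
        users = sorted(u for u, lvl in m["users"].items() if lvl >= level)
        findings.append(f"{mode} '{cmd}' requires level {level}; local users at or above it: {users}")
        if level not in m["enable_levels"]:
            findings.append(f"no enable secret for level {level}")
    if m["aaa"] and not m["exec_authz"]:  # under aaa new-model, exec authorization applies user levels
        for user, level in sorted(m["users"].items()):
            if level > 1:
                findings.append(f"{user}: privilege {level} configured, but no 'aaa authorization exec' line present")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
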
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:45 GMT-3