OT: RE: different level passwords

From: Price, Jamie (JPrice@xxxxxxxxxxx)
Date: Fri Aug 03 2001 - 17:42:12 GMT-3


   
A couple of years ago I saw a demonstration by Novell of Directory Enabled
Networking. It was at Brainshare - the Novell "networkers".

They were using this "privilege" concept within the NDS directory for router
control. It was really cool. Through the NDS admin tools you could enable
users in the network to be able to execute commands on specific interfaces -
say for example you had a bunch of remote sites and you wanted the local
admins to be able to adjust the configs/work on the inside interfaces of
their routers but to do nothing else on the router - well you could assign
all that through NDS - give user A rights to adjust the config on interface
B, user C rights to adjust the config on interface D, etc.

The cool part was that the telnet and enable passwords were stored in the
NDS database so these users would never get to see them - it would be
entered transparently - the only person who would get to see them would be
the network admin who entered them in the database. I saw such a great use
for it.

Did anyone ever see that? And if so does anyone know whatever happened to
it?

Jamie

-----Original Message-----
From: Karelis, Pete (2507) [mailto:Pete.Karelis@esavio.com]
Sent: Friday, August 03, 2001 10:48 AM
To: 'Diehm, Brian'; 'ccielab@groupstudy.com'
Subject: RE: different level passwords

When the user goes to enter enable mode they need to type in "enable 13"
instead of plain "enable"; that way it uses the privilege-level of 13.

Remember though, that you need to specify which commands are level 13
commands, because in the IOS all commands are either level 1 or level 15
commands. There is no in between unless you manually change the privilege
level of each command using the:

privilege exec level [Level#] [Command line]
privilege configure level [Level#] [Command line]
privilege interface level [Level#] [Command line]

You need to change the privilege level of all commands that you want the
level 13 user to use.

-Pete

-----Original Message-----
From: Diehm, Brian [mailto:Brian.Diehm@compaq.com]
Sent: Friday, August 03, 2001 11:31 AM
To: 'ccielab@groupstudy.com'
Subject: different level passwords

I am trying to set up this router so that I can have different passwords for
different users. I don't want to have it where they need to type in a
username and a password. The router refuses to recognize any password other
than the level 15 one. I suspect that I am missing a command but I don't
see any on the documentation CD. Anybody have any ideas?

Thanks,
Brian D

!
version 11.1
service udp-small-servers
service tcp-small-servers
!
hostname r3
!
enable secret level 13 5 $1$oKSI$FP3aQTPZPjxOREhfXgkJN/
enable secret level 14 5 $1$Pfaq$Dk7FLSVPs6Yjvm4n9Nk2t1
enable secret 5 $1$6.5.$jSZo5uJOWTnGHyr7QOtV0.
!
ip subnet-zero
no ip domain-lookup
!
interface Ethernet0
 ip address 207.122.2.2 255.255.255.0
!
interface Ethernet1
 no ip address
 shutdown
!
interface Serial0
 ip address 207.122.1.2 255.255.255.0
 clockrate 56000
!
interface Serial1
 no ip address
 shutdown
!
ip classless
logging buffered
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 privilege level 15
 no login
!
end
**Please read:http://www.groupstudy.com/list/posting.html
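
An added example, not part of the original posts: a small Python check over an IOS-style configuration that applies the point made in the reply above (a level with its own enable secret but no "privilege <mode> level N" commands offers nothing beyond level 1) and also reports lines where an explicit "no login" is combined with a raised line privilege level. The sample config is constructed from the one posted in the thread, with the hashes replaced by placeholders; the function name and finding strings are illustrative.

```python
import re

# Constructed sample: trimmed from the configuration posted in the thread,
# with the hash values replaced by placeholders.
SAMPLE_CONFIG = """\
enable secret level 13 5 <hash-placeholder>
enable secret level 14 5 <hash-placeholder>
enable secret 5 <hash-placeholder>
line con 0
 exec-timeout 0 0
line vty 0 4
 privilege level 15
 no login
end
"""

def audit_privilege_levels(config):
    """Return findings about custom privilege levels in an IOS-style config."""
    secret_levels, command_levels = set(), set()
    lines_cfg = {}   # "vty 0 4" -> {"level": int, "no_login": bool}
    current = None   # the "line ..." block being parsed, if any
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            current = None   # an unindented line closes any "line ..." block
        if m := re.match(r"enable (?:secret|password) level (\d+) ", text):
            secret_levels.add(int(m.group(1)))
        elif m := re.match(r"privilege \S+ level (\d+) \S", text):
            command_levels.add(int(m.group(1)))   # e.g. privilege exec level 13 ...
        elif m := re.match(r"line (.+)", raw):
            # Lines default to level 1; only an explicit "no login" is tracked.
            current = lines_cfg.setdefault(m.group(1).strip(),
                                           {"level": 1, "no_login": False})
        elif current is not None and (m := re.match(r"privilege level (\d+)$", text)):
            current["level"] = int(m.group(1))
        elif current is not None and text == "no login":
            current["no_login"] = True
    findings = []
    for level in sorted(secret_levels - command_levels - {15}):
        findings.append(f"level {level}: enable secret set but no commands assigned to it")
    for name, opts in lines_cfg.items():
        if opts["no_login"] and opts["level"] > 1:
            findings.append(f"line {name}: no login, sessions start at level {opts['level']}")
    return findings

if __name__ == "__main__":
    for finding in audit_privilege_levels(SAMPLE_CONFIG):
        print(finding)
```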



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:45 GMT-3