Re: Priviledge commands

From: balaji.balakrishnan (balaji.balakrishnan@swift.com)
Date: Thu Apr 24 2003 - 13:02:59 GMT-3

• Next message: david: "testing material LIST"
• Previous message: Yasser Aly: "RE: OT [ Convert a flash card from Class B filesystem to Class"
• Maybe in reply to: Jason Cash: "Priviledge commands"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Add this hidden command

aaa authorization console

rgds
Bala.

James.Jackson@broadwing.com wrote:

> You can change the default priv level on the line if that helps... i.e.
> on con vs. vty
>
> James
>
> -----Original Message-----
> From: Jason Cash [mailto:cash2001@swbell.net]
> Sent: Wednesday, April 23, 2003 5:28 PM
> To: ccielab@groupstudy.com
> Subject: RE: Priviledge commands
>
> Ok this is weird! When I console in with user 'brett' I get an exec
> prompt:
>
> r8 con0 is now available
> Press RETURN to get started.
>
> User Access Verification
>
> Username: brett
> Password:
>
> r8>
>
> But when I telnet in, I get priv. exec prompt!
>
> r7#150.50.5.2
> Trying 150.50.5.2 ... Open
> User Access Verification
>
> Username: brett
> Password:
>
> r8#
>
> Here is the config for r8. Where is the difference between logins
> specified. I THOUGHT that 'aaa authentication login default local'
> applied to ANY login, including the console, but I am confused now!
>
> hostname r8
> !
> boot system tftp c2600-jo3s56i-mz.121-19.bin 150.50.7.10
> aaa new-model
> aaa authentication login default local
> aaa authorization exec default local
> !
> username favre password 0 ipexpert
> username brett privilege 8 password 0 favre
> !
> privilege configure level 8 interface
> privilege exec level 8 configure
> privilege exec level 8 configure terminal
> !
> line con 0
> session-timeout 120
> exec-timeout 60 0
> length 30
> line aux 0
> transport input all
> line vty 0 4
> password cisco
> !
> end
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Jason Cash
> Sent: Tuesday, April 22, 2003 10:34 PM
> To: ccielab@groupstudy.com
> Subject: Priviledge commands
>
> I am having problems with the a task:
> "user brett should be able to enter config mode and then int. conf. mode
> but no more"
>
> Here is my config:
> hostname r6
> !
> aaa new-model
> aaa authentication login default local
> aaa authorization exec default local
> !
> username brett privilege 8 password 0 favre
> !
> privilege configure level 8 interface
> privilege exec level 8 configure
> privilege exec level 8 configure terminal
> !
> end
>
> And here is the capture of the login:
>
> User Access Verification
>
> Username: brett
> Password:
>
> r6>conf t
> % Invalid input detected at '^' marker.
>
> r6>configure
> Translating "configure"
>
> Translating "configure"
> % Unknown command or computer name, or unable to find computer address
> r6>conf
> Translating "conf"
>
> Translating "conf"
> % Unknown command or computer name, or unable to find computer address
> r6>
>
> As you can see, these commands are not available. Wouldn't one need to
> goto enable to even get to 'conf t'? What is missing as this is the
> same as the provided solution.
>
> [GroupStudy removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]

[GroupStudy removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]

• Next message: david: "testing material LIST"
• Previous message: Yasser Aly: "RE: OT [ Convert a flash card from Class B filesystem to Class"
• Maybe in reply to: Jason Cash: "Priviledge commands"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:05 GMT-3