CSACS Authorization Error!!

From: Alfadi Albaridi (falbaridi@hotmail.com)
Date: Sun Aug 17 2008 - 10:24:44 ART


Hello,

I am configuring a 4.0 CSACS for authorization. The Network Client is a
Catalyst 6500 with TACACS+. I made a group, so a user of that group can only
use the command "sh run" on that switch. So I did the following steps:

1. From "Shared Profile Components" then "Shell Command Authorization Sets"
then "Add Shell Command Authorization Set", I added the command "sh" and in
the arguments "permit run".

2. From "Group Setup", under "Shell Command Authorization Set" I clicked on
"Assign a Shell Command Authorization Set for any network device" and chose
the set I just made in step number 1.
Then under "IETF RADIUS Attributes", I checked "Service-Type" and chose
"login" from the drop-down menu.

So here, I could telnet to the Catalyst switch, but I couldn't execute any
command! So I did step 3, which is:

3. From "Group Setup", under "Nortel RADIUS Attributes", I checked the
attribute "[1584\192] Bay-Access-Priority" and chose "Read-Only-Access".

And here "sh run" worked!!!! Although the client is TACACS+, not a Nortel
RADIUS!!! But even so, it worked just ONCE! I mean, I could execute "sh
run" only one time; after that, "Command authorization failed." appears.
And so on..

Can anyone please help me solve this matter? Please advise where exactly my
mistake is.

Many thanks.
Alfadi Albaridi


