From: Farrukh Haroon (farrukhharoon@gmail.com)
Date: Sun Aug 17 2008 - 13:21:32 ART
Why are you not assigning the privilege level via TACACS?
Regards
Farrukh
On Sun, Aug 17, 2008 at 4:24 PM, Alfadi Albaridi <falbaridi@hotmail.com> wrote:
> Hello,
>
> I am configuring a 4.0 CSACS for authorization. The Network Client is a
> Catalyst 6500 with TACACS+. I made a group, so a user of that group can
> only use the command "sh run" on that switch. So I did the following steps:
>
> 1. From "Shared Profile Components" then "Shell Command Authorization Sets"
> then "Add Shell Command Authorization Set", I added the command "sh" and in
> the arguments "permit run".
>
> 2. From "Group Setup", under "Shell Command Authorization Set" I clicked on
> "Assign a Shell Command Authorization Set for any network device" and chose
> the set I just made in step number 1.
> Then under "IETF RADIUS Attributes", I checked "Service-Type" and chose
> "login" from the drop down menu.
>
> So here, I could telnet to the catalyst switch, but I couldn't execute any
> command! So I did step 3 which is:
>
> 3. From "Group Setup", under "Nortel RADIUS Attributes", I checked the
> attribute "1584\192] Bay-Access-Priority" and chose "Read-Only-Access"
>
> and here "sh run" worked!!!! Although the client is TACACS+ not a Nortel
> RADIUS!!! But even though, it worked just ONCE! I mean, I could execute "sh
> run" for only one time, after that "Command authorization failed." appears.
> And so on..
>
>
> Can anyone please help me solve this matter? Please advise where exactly
> my mistake is.
>
> Many thanks.
> Alfadi Albaridi
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:31 ART