RE: CSACS Authorization Error!!

From: Alfadi Albaridi (falbaridi@hotmail.com)
Date: Mon Aug 18 2008 - 05:32:00 ART


I found out my mistake: under the "User Setup" and then "Shell Command
Authorization Set" I chose the option "As Group"; it was put to "None". It is
working fine now.

And you are correct, I shouldn't even try with RADIUS, because the network
client is TACACS+. Many thanks.

regards,
Alfadi Albaridi

> Date: Sun, 17 Aug 2008 19:21:32 +0300
> From: farrukhharoon@gmail.com
> To: falbaridi@hotmail.com
> Subject: Re: CSACS Authorization Error!!
> CC: security@groupstudy.com; ccielab@groupstudy.com
>
> Why are you not assigning the privilege level via TACACS?
>
> Regards
>
> Farrukh
>
> On Sun, Aug 17, 2008 at 4:24 PM, Alfadi Albaridi <falbaridi@hotmail.com> wrote:
>
> > Hello,
> >
> > I am configuring a 4.0 CSACS for authorization. The Network Client is a
> > Catalyst 6500 with TACACS+, I made a group, so a user of that group can
> > only use the command "sh run" on that switch. So I did the following steps:
> >
> > 1. From "Shared Profile Components" then "Shell Command Authorization
> > Sets" then "Add Shell Command Authorization Set", I added the command
> > "sh" and in the arguments "permit run".
> >
> > 2. From "Group Setup", under "Shell Command Authorization Set" I clicked
> > on "Assign a Shell Command Authorization Set for any network device" and
> > chose the set I just made in step number 1.
> > Then under "IETF RADIUS Attributes", I checked "Service-Type" and chose
> > "login" from the drop down menu.
> >
> > So here, I could telnet to the catalyst switch, but I couldn't execute
> > any command! So I did step 3 which is:
> >
> > 3. From "Group Setup", under "Nortel RADIUS Attributes", I checked the
> > attribute "1584\192] Bay-Access-Priority" and chose "Read-Only-Access"
> >
> > and here "sh run" worked!!!! Although the client is TACACS+ not a Nortel
> > RADIUS!!! But even though, it worked just ONCE! I mean, I could execute
> > "sh run" for only one time, after that "Command authorization failed."
> > appears. And so on..
> >
> >
> > Can anyone help me please solve this matter? Please advise where exactly
> > my mistake is.
> >
> > Many thanks.
> > Alfadi Albaridi



This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:31 ART