RE: aaa authorization command aaa-server LOCAL.

There are two things it is going to look for from ACS

The shell exec whether it is authorized or not and the privilege level you
have defined for the user.

For TACACS+ Settings you need
check in Shell (exec)
Check in Privilege Level Set privilege to 1 or 15

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
groupstudytac groupstudytac
Sent: Wednesday, October 13, 2010 2:47 AM
To: Adil Pasha
Cc: Cisco certification
Subject: Re: aaa authorization command aaa-server LOCAL.

Hi Adil,
can you post at least the configs for the ASA so we can rule out any
configuration error on the ASA part.

On 10/13/10, Adil Pasha <aspasha_at_gmail.com> wrote:
> Hi guys,
>
> It has been 2 days and I am trying to make ASA work with my ACS 4.2.1.
>
>
>
> ASA has the following command:
>
> aaa authorization command aaa-server LOCAL
>
>
>
> I tried all ACS group level options nothing worked. I even created shared
> profile still nothing worked.
>
>
>
> I just wanted to know if there is a simple ACS configuration to enable
> command authorization on ASA.
>
>
>
> When I login to my ASA it allows me to login so that means authentication
is
> working good.
>
>
>
> But when I type any command I get "command authorization failed message".
>
>
>
> Thanks for any help in advance.
>
>
>
> Adil.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 13 2010 - 09:36:37 ART