I'm not sure how TACACS+ is configured, but I'm using FUNK's Radius and all I
had to do was set a return attribute with "priv-lvl = 15"...
Depending on the user, if the user has this attribute set, then he'll
automatically be brought to level 15 without doing "enable".
Hope this helps.
Check this link out:
http://www.cisco.com/warp/public/480/PRIV.html
"Sean Young" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi everyone,
>
> I need help in configuring both the TACACS+ server and the Network
> Access Server (NAS). I am currently running the TACACS+ server on
> Linux RedHat 7 with kernel 2.4.2. I am running the NAS on a cisco 2610
> router with IOS 12.0.15 Enterprise plus with ipsec capability. I am running
> TACACS server version tac_plus-F4.0.3.alpha-7. Here is the configuration
> of the tacacs configuration file:
>
> key = "helpme"
>
> user = xyz {
> member = admin
> login = des 7bYbKxc
> cmd = show { permit .* }
> cmd = disconnect { permit .* }
> }
> user = abc {
> member = admin
> login = des YZdX64CcM
> cmd = show { permit .* }
> cmd = disconnect { permit .* }
> }
> user = def {
> service = exec {
> default attribute = permit
> }
> member = normal
> login = des 3zz3A/3Nc7RCU
> expires = "Mar 08 2002"
> cmd = where { permit .* }
> }
> group = admin {
> default service = permit
> service = exec {
> priv-lvl = 15
> }
> }
> group = normal {
> }
> user = $enab15$ {
> login = cleartext "Ineedhelp"
> }
>
> Here is what I configured on the NAS:
>
> aaa new-model
> aaa authentication login usetacacs tacacs+ local enable
> aaa authentication login usenone none
> aaa authorization commands 1 usetacacs1 tacacs+
> enable secret 5 $1gGfwBcXfakuNKYSV0
>
> tacacs-server host 172.16.1.240
> tacacs-server key helpme
>
> line vty 0 4
> authorization commands 1 usetacacs1
> login authentication usetacacs
>
>
> I would like both users abc and xyz to be
> able to go into the privilege mode (enable), each with their
> own password. Right now, even though abc and xyz can
> access the NAS, they have to share the enable secret
> password, which is something I'd like to avoid. How can I
> make this happen? What am I doing wrong here? Please
> help... I am desperate...
> Many thanks.....
>
> Harry
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
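
An added example, not part of the original thread: on IOS, a priv-lvl attribute returned by the AAA server is only requested and applied when exec authorization is configured and in effect on the line. The check below reads a NAS configuration and reports lines where that is missing; the sample is constructed from the commands quoted above (secrets left out), and the list name usetacacs-exec in the corrected variant is hypothetical.

```python
import re

# Constructed sample: the AAA and vty commands quoted in the thread.
NAS_CONFIG = """\
aaa new-model
aaa authentication login usetacacs tacacs+ local enable
aaa authentication login usenone none
aaa authorization commands 1 usetacacs1 tacacs+
line vty 0 4
 authorization commands 1 usetacacs1
 login authentication usetacacs
"""

# Hypothetical corrected variant: defines an exec authorization list and
# applies it to the vty block that NAS_CONFIG ends with.
FIXED_CONFIG = ("aaa authorization exec usetacacs-exec tacacs+ if-authenticated\n"
                + NAS_CONFIG + " authorization exec usetacacs-exec\n")

def exec_authz_findings(config):
    """List the line blocks where a server-sent priv-lvl would never be applied."""
    lists = {}     # exec authorization method lists: name -> methods
    blocks = {}    # "line ..." header -> exec authorization list applied there
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not text:
            continue
        if not raw[0].isspace():                 # global-mode command
            current = None
            m = re.match(r"aaa authorization exec (\S+) (.+)", text)
            if m:
                lists[m.group(1)] = m.group(2).split()
            elif text.startswith("line "):
                current = text
                blocks[current] = None
        elif current:                            # command inside a line block
            m = re.match(r"authorization exec (\S+)", text)
            if m:
                blocks[current] = m.group(1)
    findings = []
    for header, applied in blocks.items():
        name = applied or "default"              # no explicit list: the default list applies
        methods = lists.get(name)
        if methods is None:
            findings.append(f"{header}: exec authorization list '{name}' is not "
                            "defined, so priv-lvl is never requested at login")
        elif not {"tacacs+", "radius"} & set(methods):
            findings.append(f"{header}: list '{name}' never consults an AAA server")
    return findings

if __name__ == "__main__":
    print(exec_authz_findings(NAS_CONFIG))
    print(exec_authz_findings(FIXED_CONFIG))
```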