I'm not sure how TACACS+ is configured, but I'm using FUNK's Radius and all I
had to do was return an attribute with "priv-lvl = 15"...

Depending on the user, if the user has this attribute set, then he'll
automatically be brought to level 15 without doing "enable"

Hope this helps.

Check this link out:
http://www.cisco.com/warp/public/480/PRIV.html


"Sean Young" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Hi everyone,
>
> I need help in configuring both the TACACS+ server and the Network
> Access Server (NAS).  I am currently running the TACACS+ server on
> Linux RedHat 7 with kernel 2.4.2.  I am running the NAS on a cisco 2610
> router with IOS 12.0.15 Enterprise plus with ipsec capability.  I am running
> TACACS server version tac_plus-F4.0.3.alpha-7.  Here is the configuration
> of the tacacs configuration file:
>
> key  =   "helpme"
>
> user =   xyz     {
>          member = admin
>          login = des 7bYbKxc
>          cmd = show { permit .* }
>          cmd = disconnect { permit .* }
>                          }
> user =   abc    {
>          member = admin
>          login = des YZdX64CcM
>          cmd = show { permit .* }
>          cmd = disconnect { permit .* }
>                          }
> user =  def   {
>          service = exec {
>          default attribute = permit
>                         }
>          member = normal
>          login = des 3zz3A/3Nc7RCU
>         expires = "Mar 08 2002"
>         cmd = where { permit .* }
>                         }
> group = admin {
>      default service = permit
>      service = exec {
>          priv-lvl = 15
>                                }
>                         }
> group =  normal    {
>                                 }
> user  =  $enab15$  {
>          login = cleartext "Ineedhelp"
>                                  }
>
> Here is what I configured on the NAS:
>
> aaa new-model
> aaa authentication login usetacacs tacacs+ local enable
> aaa authentication login usenone none
> aaa authorization commands 1 usetacacs1 tacacs+
> enable secret 5 $1gGfwBcXfakuNKYSV0
>
> tacacs-server host 172.16.1.240
> tacacs-server key helpme
>
> line vty 0 4
> authorization commands 1 usetacacs1
> login authentication usetacacs
>
>
> I would like to be able to make both users abc and xyz to be
> able to go into the privilege mode (enable) each with their
> own password.  Right now, even though abc and xyz can
> access the NAS, they have to share the enable secret
> password, which is something I would like to avoid.  How can I
> make this happen?  What am I doing wrong here?  Please
> help... I am desperate...
> Many thanks.....
>
> Harry
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
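
Added example, not part of the original thread: a small audit of the quoted NAS configuration for the two IOS settings that decide whether a server-returned `priv-lvl` is applied at login and whether `enable` is checked against AAA. The sample config is constructed from the quoted lines with the secret replaced by a placeholder; the "fixed" variant and its list names are assumptions using the same pre-`group` IOS syntax as the post.

```python
import re

# Constructed sample: AAA lines of the NAS config quoted above, secret replaced.
NAS_AS_POSTED = """\
aaa new-model
aaa authentication login usetacacs tacacs+ local enable
aaa authorization commands 1 usetacacs1 tacacs+
enable secret 5 <hash>
line vty 0 4
authorization commands 1 usetacacs1
login authentication usetacacs
"""
# Hypothetical variant (assumption): adds exec authorization and AAA-backed enable.
NAS_WITH_EXEC_AUTHZ = NAS_AS_POSTED.replace(
    "enable secret",
    "aaa authorization exec usetacacs tacacs+\n"
    "aaa authentication enable default tacacs+ enable\nenable secret",
).replace("login authentication", "authorization exec usetacacs\nlogin authentication")

def audit(config):
    """Return findings explaining why a server-side priv-lvl would not take effect."""
    exec_lists, enable_via_aaa, lines, current = set(), False, {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd
            lines[current] = []
        elif current and cmd.split(" ")[0] in ("authorization", "login", "password", "transport"):
            lines[current].append(cmd)   # sub-command of the current line block
        else:
            current = None               # back in global configuration
            m = re.match(r"aaa authorization exec (\S+) ", cmd)
            if m:
                exec_lists.add(m.group(1))
            enable_via_aaa |= cmd.startswith("aaa authentication enable default ")
    findings = []
    for name, subs in lines.items():
        applied = [s.split()[2] for s in subs if s.startswith("authorization exec ")]
        wanted = applied[0] if applied else "default"   # IOS falls back to 'default'
        if wanted not in exec_lists:
            findings.append(f"{name}: no exec authorization list '{wanted}'; "
                            "priv-lvl from the AAA server is never requested")
    if not enable_via_aaa:
        findings.append("enable: no 'aaa authentication enable default'; "
                        "all users share the local enable secret")
    return findings

if __name__ == "__main__":
    print(*audit(NAS_AS_POSTED), sep="\n")
```
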
