On Fri 20 Jul 2007, ashish verma wrote:
Hi Ivan,
What I meant is you type enable but the password you give should be
authenticated by RADIUS server not the enable password stored on the
device.
I am not sure whether it is possible or not. But just wanted to know from
the experts.
Are you
privileged access but that authorization will be passed onto login users
as well (you can't split user exec and privileged exec authorization, at
least I don't know a way) giving them privileged access straight away
and defeating the second level authentication. And I can't predict how
well would things work
Hi Stefan,
I read the document and thanks for giving the link, that was helpful.
Well, I think I put my question in a wrong way.
Let me put it in a different way.
I don't want the user to go directly into priv mode.
Through priv level = 15 we directly get into priv level, right?
What I am looking
You want a shell user to get to privilege mode without typing
enable and knowing enable password? I am quite certain that Cisco
spent many years making sure that's impossible. If you find a way to do
that you can blackmail them for a hell of a lot of money.
Ivan Kalik
Kalik Informatika ISP
Dana
Hi ashish,
First of all, WHY you will need such a setup?
AFAIK, Cisco will send a request to RADIUS for user '$enable15$' whenever someone tries to "enable".
Run freeradius in debug mode (radiusd -X) and then login as one of your users. Type "enable" and the Cisco will
Hi,
You want a shell user to get to privilege mode without typing
enable and knowing enable password? I am quite certain that Cisco
spent many years making sure that's impossible. If you find a way to do
that you can blackmail them for a hell of a lot of money.
err, TACACS+ with priv_lvl 15
Today's Topics:
1. Second level authentication. (ashish verma)
2. Re