Hi,
We have seen your site and it looks good.We are having one problem in tacacs+ in debian machine.We have installed tacacs-plus package from debian site.WE have configured without any problem.
Configuration as follows
We have created two groups one is admin and another is users
We want to restrict user group to use the enable command in our routers.
We have checked many documents and we didn't find the solution
Please helpus if you have any ideas about this.
Best Regards
Hi,
I do not have experience in debian tacacs+ but i can tell you that "cmd" attribute is used to restrict/permit commands. An example of a user profile with restricted access is as follows :-
# This user is limitted in allowed commands when aaa authorization is enabled: user = abcd { login = cleartext "telnet" cmd = enable { deny .* } cmd = exit { permit .* } }
And ofcourse you need to enable command authorization in the NAS.
Hope this helps.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.