You're correct, so what did I do wrong, or how do I fix this?<br><br><br><br>user = tom {<br> login = cleartext tom<br> enable = cleartext tom12<br>}<br><br>user = matt {<br> enableacl = badmatt<br> login = cleartext matt<br>
enable = cleartext matt12<br>}<br><br>acl = badmatt {<br> deny = 192\.168\.0\.1 # disallow enable on this tacacs client<br> permit = .*<br>}<br><br><br><div class="gmail_quote">On Fri, Aug 21, 2009 at 12:58 PM, john heasley <span dir="ltr"><<a href="mailto:heas@shrubbery.net">heas@shrubbery.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Fri, Aug 21, 2009 at 12:55:22PM -0400, Tom Murch:<br>
<div class="im">> So it works great, except the enable password is not working on a per-user<br>
> basis. Is there something I need to change to make that work?<br>
<br>
</div>Put it in the user {} area. If that is not working, you will have to run<br>
with debugging, and I suspect you'll find that the device isn't passing the<br>
username with the enable authorization request but rather $enable$.<br>
<div><div></div><div class="h5"><br>
> On Fri, Aug 21, 2009 at 12:52 PM, Tom Murch <<a href="mailto:tmurch@toniccomputers.com">tmurch@toniccomputers.com</a>> wrote:<br>
><br>
> > Yeah, that's a mistype on my part. Let me go try this out.<br>
> ><br>
> > On Fri, Aug 21, 2009 at 12:09 PM, john heasley <<a href="mailto:heas@shrubbery.net">heas@shrubbery.net</a>> wrote:<br>
> ><br>
> >> Fri, Aug 21, 2009 at 11:29:14AM -0400, Tom Murch:<br>
> >> > OK, so here is what I have:<br>
> >> ><br>
> >> > user tom {<br>
> >> > login = cleartext 'tom'<br>
> >> > enable = cleartext 'tom12'<br>
> >> > }<br>
> >> ><br>
> >> > acl = badmatt {<br>
> >> > login = cleartext 'matt'<br>
> >> > enable = cleartext 'matt12'<br>
> >> > deny 192\.168\.0\.1 # disallow enable on this tacacs client<br>
> >> > permit .*<br>
> >> > }<br>
> >> > user matt { enableacl = badmatt }<br>
> >> ><br>
> >> > Will this work so that Tom and Matt can both enable on all things except<br>
> >> > the 192.168.0.1 that Matt is ACL'd from?<br>
> >><br>
> >> Yes, but login and enable are not valid in acl {}.<br>
> >><br>
> ><br>
> ><br>
</div></div></blockquote></div><br>