<div dir="ltr">I wrote up a bit about authorization on <a href="http://tacacs.org">tacacs.org</a> - you may wish to read there. </div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jul 26, 2013 at 2:08 AM, Alan McKinnon <span dir="ltr"><<a href="mailto:alan.mckinnon@gmail.com" target="_blank">alan.mckinnon@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 26/07/2013 03:18, Musa Aydın wrote:<br>
> Hi,<br>
><br>
> I set up a tac_plus and I did basic configuration for authentication.<br>
> Yes, it is working absolutely fine. But when I want to use the authorization<br>
> process, such as different privilege levels for users, it is not working<br>
> properly. I searched for some kind of document about this feature but found nothing. It<br>
> is possible I misunderstand the tac_plus authorization capability. If I set a<br>
> custom privilege level, which side assigns the custom commands: the network device<br>
> or the tac_plus server? Which one truly works?<br>
><br>
> at tacacs+ server<br>
> group = newbie {<br>
> service =exec<br>
> priv-lvl = 6<br>
> default service = deny<br>
> cmd = show { permit *}<br>
> cmd = ping { permit *}<br>
><br>
> user = test<br>
> { member = newbie}<br>
><br>
> or<br>
><br>
> at router<br>
><br>
> privilege level 6 show...<br>
> privilege level 6 ping...<br>
><br>
> Briefly, can I use tac_plus for specific command authorization by assigning<br>
> a specific privilege level completely on the tac_plus side?<br>
<br>
<br>
</div>Yes, but you must tell the router to use it with the<br>
"aaa authorization"<br>
configuration<br>
<br>
The router doesn't automatically use the tacacs server for authorization<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Alan McKinnon<br>
<a href="mailto:alan.mckinnon@gmail.com">alan.mckinnon@gmail.com</a><br>
</font></span><div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus</a><br>
</div></div></blockquote></div><br></div>
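<div>The two halves discussed in this thread, written out as an added example that is not taken from any of the posts: a tac_plus group that returns a privilege level and permits two commands, and the router-side "aaa authorization" lines that make the device ask the server. It assumes the shrubbery.net tac_plus daemon and a Cisco IOS device on which TACACS+ authentication already works; the "local" fallback and the choice of levels 1 and 6 are assumptions.</div>

```text
# ---- tac_plus.conf (server side) ----
group = newbie {
    # Sent back when the device asks to authorize the exec (shell) session
    service = exec {
        priv-lvl = 6
    }
    # Command authorization: the regex is matched against the arguments
    # that follow the command name
    cmd = show {
        permit .*
    }
    cmd = ping {
        permit .*
    }
    # No "default cmd = permit" here, so every other command is denied
}

# The login/password line is left out, as in the question
user = test {
    member = newbie
}

! ---- Cisco IOS (device side) ----
aaa new-model
! Ask the server for the exec attributes (this is where priv-lvl arrives)
aaa authorization exec default group tacacs+ local
! Ask the server per command. A request is sent only for levels that have
! a line here. Many show commands and ping are level 1 by default, so
! level 1 is listed as well as the user's own level.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 6 default group tacacs+ local
```

<div>With only the server half configured, the device never sends authorization requests and the cmd clauses are never consulted.</div>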
<pre>