lbicher56
asked on
Using command line tools with Cisco Secure ACS for Unix to modify groups
Hello,
I inherited an implementation of Cisco Secure ACS for Unix and I now have a need to create some additional groups. These groups will be used to control access to certain routers and grant specific privilege levels.
I've tried using the Web GUI and I can seem to find where to set the priv-lvl attribute for "service - shell". I have found the CLI utlities, I can view other profiles, but I can't figure out how to change a profile via the CLI UpdateProfile command. Any assistance would be appreciated.
I inherited an implementation of Cisco Secure ACS for Unix and I now have a need to create some additional groups. These groups will be used to control access to certain routers and grant specific privilege levels.
I've tried using the Web GUI and I can seem to find where to set the priv-lvl attribute for "service - shell". I have found the CLI utlities, I can view other profiles, but I can't figure out how to change a profile via the CLI UpdateProfile command. Any assistance would be appreciated.
ASKER
Thank you. I will check this out.
However, would you know how to do this in the GUI? The main thing I need to do is set the priv-lvl attribute and in the GUI I can't seem to find where I can get that. Any documentation I find does not indicate how to set that. I know it can be done, there were groups that already exist that use this.
However, would you know how to do this in the GUI? The main thing I need to do is set the priv-lvl attribute and in the GUI I can't seem to find where I can get that. Any documentation I find does not indicate how to set that. I know it can be done, there were groups that already exist that use this.
You should be able to do if via the web GUI.
If you edit a group its under TACACS+ but if you don't see it you may need to enable it.
To enable the option go to 'Interface Configuration' > 'Advanced Options' and tick the boxes and then go back to the group and see if you see it.
Unless you have got loads of users to add or modify the GUI is much easier.
Hope this helps.
Mark.
If you edit a group its under TACACS+ but if you don't see it you may need to enable it.
To enable the option go to 'Interface Configuration' > 'Advanced Options' and tick the boxes and then go back to the group and see if you see it.
Unless you have got loads of users to add or modify the GUI is much easier.
Hope this helps.
Mark.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007e689.html