Solved

Using command line tools with Cisco Secure ACS for Unix to modify groups

Posted on 2009-12-29
Last Modified: 2012-05-08
Hello,
    I inherited an implementation of Cisco Secure ACS for Unix and I now have a need to create some additional groups.  These groups will be used to control access to certain routers and grant specific privilege levels.  
    I've tried using the Web GUI and I can't seem to find where to set the priv-lvl attribute for "service - shell".  I have found the CLI utilities, and I can view other profiles, but I can't figure out how to change a profile via the CLI UpdateProfile command.  Any assistance would be appreciated.
Question by:lbicher56
 
LVL 19

Expert Comment

by:CoccoBill
ID: 26144720
I don't think you can. What I would do is use the csutil command to dump the user db to a file, edit it and import back.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007e689.html
 

Author Comment

by:lbicher56
ID: 26148562
Thank you.  I will check this out.  

However, would you know how to do this in the GUI?  The main thing I need to do is set the priv-lvl attribute and in the GUI I can't seem to find where I can get that.  Any documentation I find does not indicate how to set that.  I know it can be done, there were groups that already exist that use this.
 
LVL 3

Expert Comment

by:oldhamuk
ID: 26152881
You should be able to do it via the web GUI.

If you edit a group, it's under TACACS+, but if you don't see it you may need to enable it.

To enable the option go to 'Interface Configuration' > 'Advanced Options' and tick the boxes and then go back to the group and see if you see it.

Unless you have got loads of users to add or modify the GUI is much easier.

Hope this helps.

Mark.
 
LVL 3

Accepted Solution

by:
oldhamuk earned 1000 total points
ID: 26152898
Correction to above.

To enable it go to 'Interface Configuration' > TACACS+ and you should see it under there to enable.

If you don't see TACACS plus, make sure your switches are set to use TACACS within ACS, otherwise it won't show the option.

To check if they are using TACACS, go to a switch in the ACS and edit the entry, and it should say TACACS under 'Authenticate Using'.