Table of Contents
Advertisement
Chapter 6
Setting Up and Managing User Groups
To specify shell command authorization set parameters for a user group, follow
these steps:
In the navigation bar, click Group Setup.
Step 1
Result: The Group Setup Select page opens.
Step 2
From the Group list, select a group, and then click Edit Settings.
Result: The Group Settings page displays the name of the group at its top.
Step 3
From the Jump To list at the top of the page, choose TACACS+.
Result: The system displays the TACACS+ Settings table section.
Use the vertical scroll bar to scroll to the Shell Command Authorization Set
Step 4
feature area.
To prevent the application of any shell command authorization set, select (or
Step 5
accept the default of) the None option.
To assign a particular shell command authorization set to be effective on any
Step 6
configured network device, follow these steps:
a.
b.
To create associations that assign a particular shell command authorization set to
Step 7
be effective on a particular NDG, for each association, follow these steps:
a.
b.
c.
Step 8
To define the specific Cisco IOS commands and arguments to be permitted or
denied at the group level, follow these steps:
a.
b.
78-13751-01, Version 3.0
Select the Assign a Shell Command Authorization Set for any network
device option.
Then, from the list directly below that option, select the shell command
authorization set you want applied to this group.
Select the Assign a Shell Command Authorization Set on a per Network
Device Group Basis option.
Select a Device Group and a corresponding Command Set.
Click Add Association.
Result: The associated NDG and shell command authorization set appear in
the table.
Select the Per Group Command Authorization option.
Under Unmatched Cisco IOS commands, select either Permit or Deny.
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
Configuration-specific User Group Settings
6-31
Advertisement
Table of Contents
Troubleshooting
