[RADIATOR] Radiator Authorization Cisco ASA
Steve Normoyle
sgnormo at hotmail.com
Mon Jan 5 07:34:01 CST 2015
I have a Cisco ASA with multiple context. I am trying to deny the use of the command "changeto context system", but allow authorized group to be able to change to any of the other context. When user types in the command they get denied.
I have entered
"authorizedgroup <readonly group> permit service=shell cmd=changeto cmd-arg="context <other context name>"
"authorizedgroup <readonly group> deny service=shell cmd=changeto cmd-arg="context system"
"authorizedgroup <readonly group> deny .*"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20150105/25017cf4/attachment.html
More information about the radiator
mailing list