Using tacacs+ authentication, Monitoring aaa servers – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 35 Configuring AAA Servers and the Local Database

Monitoring AAA Servers

map-name company Privilege-Level

map-name title IETF-Radius-Service-Type

To apply the LDAP attribute map to the LDAP AAA server, enter the following commands:

hostname(config)# aaa-server ldap-server (dmz1) host 10.20.30.1

hostname(config-aaa-server-host)# ldap-attribute-map admin-control

Note

When an authenticated user tries administrative access to the ASA through ASDM, SSH, or Telnet, but
does not have the appropriate privilege level to do so, the ASA generates syslog message 113021. This
message informs the user that the attempted login failed because of inappropriate administrative
privileges.

Using TACACS+ Authentication

For information about how to configure TACACS+ authentication, see the “RADIUS Accounting Disconnect Reason Codes” section on page C-37.

Monitoring AAA Servers

To monitor AAA servers, enter one of the following commands:

Command: show aaa-server
Purpose: Shows the configured AAA server statistics. To clear the AAA server configuration, enter the clear aaa-server statistics command.

Command: show running-config aaa-server
Purpose: Shows the AAA server running configuration. To clear AAA server statistics, enter the clear configure aaa-server command.

Command: show running-config all ldap attribute-map
Purpose: Shows all LDAP attribute maps in the running configuration. To clear all LDAP attribute maps in the running configuration, use the clear configuration ldap attribute-map command.

Command: show running-config zonelabs-integrity
Purpose: Shows the Zone Labs Integrity server configuration. To clear the Zone Labs Integrity server configuration, use the clear configure zonelabs-integrity command.

Command: show ad-groups name [filter string]
Purpose: Applies only to AD servers using LDAP, and shows groups that are listed on an AD server.

Command: show running-config [all] password-policy
Purpose: Shows the password policy for the current context.
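
The following Python check is an added example, not part of the Cisco guide. It parses the output of show running-config aaa-server and reports LDAP server hosts that do not have the expected attribute map (admin-control above) applied. The sample configuration, the extra host 10.20.30.2, the tacacs-grp group and the function name audit_ldap_maps are constructed for illustration.

```python
import re

# Constructed sample of `show running-config aaa-server` output (not from a real device).
SAMPLE_CONFIG = """\
aaa-server ldap-server protocol ldap
aaa-server ldap-server (dmz1) host 10.20.30.1
 ldap-base-dn dc=example,dc=com
 ldap-attribute-map admin-control
aaa-server ldap-server (dmz1) host 10.20.30.2
 ldap-base-dn dc=example,dc=com
aaa-server tacacs-grp protocol tacacs+
aaa-server tacacs-grp (inside) host 10.20.40.1
"""

PROTOCOL_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \(([^)]+)\) host (\S+)")
MAP_RE = re.compile(r"^\s+ldap-attribute-map (\S+)$")


def audit_ldap_maps(config_text, expected_map):
    """Return (group, interface, host, finding) tuples for LDAP hosts whose
    attribute map is missing or differs from expected_map."""
    protocols = {}   # server group name -> protocol
    hosts = []       # [group, interface, host, applied_map]
    current = None   # host entry whose sub-mode lines are being read
    for line in config_text.splitlines():
        if m := PROTOCOL_RE.match(line):
            protocols[m.group(1)] = m.group(2).lower()
            current = None
        elif m := HOST_RE.match(line):
            current = [*m.groups(), None]
            hosts.append(current)
        elif (m := MAP_RE.match(line)) and current is not None:
            current[3] = m.group(1)  # indented line belongs to the last host

    findings = []
    for group, iface, host, applied in hosts:
        if protocols.get(group) != "ldap":
            continue  # attribute maps only apply to LDAP server groups
        if applied is None:
            findings.append((group, iface, host, "no ldap-attribute-map applied"))
        elif applied != expected_map:
            findings.append((group, iface, host, f"unexpected map {applied!r}"))
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_maps(SAMPLE_CONFIG, "admin-control"):
        print(*finding, sep="  ")
```

An LDAP host reported here authenticates users without the attribute translation that restricts administrative access, so it is worth reviewing before relying on syslog message 113021 to surface denied logins.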
