Login to directly into "privilege mode"
Hi All,
I have created users and given them telnet access to router 7200.
They have full privilges(15) but everytime they login they login into user-exec mode instead of privilege mode.
Is there a way to skip user-exec mode and allow the users to login directly into privilge mode so they dont have to enter password twice?
Thanks!!
Opening a new thread might be a good idea - though at this point we have gone far enough (and I am not sure how much further this discussion will go) that we might as well just continue this thread.
While IOS devices have mechanisms that will allow you to configure that a user goes directly into privilege mode I do not believe that this works on the ASA - at least for the command line. If you login to ASDM to manage the ASA you will go directly to privilege mode. But for command line (SSH, telnet, etc) you will go to user mode and be required to enter another password for privilege mode. I do not know a way to get around that for ASA command line.
HTH
Rick
Similar Messages
-
ACSE - Logging into Privileged Mode
I have configured one client, remote agent and the ACSE. I am able to authenticate into the network device via AD. It prompts me for credentials then I am in user mode. I then issue the enable command to enter privileged mode. It then prompts me to authenticate again. My question is how do I configure ACS to enter me directly into privileged mode once I have successfully authenticated? I do not want to first be in user mode then have to authenticate again to enter privileged mode. Any help would be greatly appreciated. Thank You!
Bring users/groups in at level 15
1. Go to user or group setup in ACS
2. Drop down to "TACACS+ Settings"
3. Place a check in "Shell (Exec)"
4. Place a check in "Privilege level" and enter "15" in the adjacent field
Also make sure we have exec authorization enabled.
aaa authorization exec default group tacacs+ if-authenticated
Regards,
~JG
Do rate helpful posts -
Logging directly into enable mode on a PIX using TACACS
I have setup TACACS authentication on a PIX running 6.3(3). I can authenticate using TACACS just fine, but do not get put directly into enable mode. The ACS server is setup to do so, it works for routers and switches, but not the PIX box. If I put the "aaa authentication enable console TACACS" in the config I must enter the enable command and use the same password I logged in with to get into enable mode. Without the command, I have to use the configured enable secret password to get into the enable mode.
Does anyone know it there is a way to configure the PIX to log someone directly into enable mode via TACACS?
Thanks in advanceHi,
PIX does not support exec authorization. Hence user cannot login to level 15 directly.
Regards,
Vivek -
TACACS+ not log into privilege mode
With the same TACACS+ account, I observed different behavior on different routers.
On some routers, it automatically goes into privilege mode (enable mode). On others, it doesn't.
Router config is as below. What debug I need to turn on to troubleshoot this problem? Thanks!
aaa new-model
aaa group server tacacs+ corp
server-private x.x.x.x key 7 12383525115F07123B
server-private y.y.y.y key 7 052A363D2218451F08
ip vrf forwarding corp
aaa authentication login default group corp local-case
aaa authorization exec default group corp if-authenticated
aaa authorization commands 15 default group corp if-authenticated
aaa accounting exec default
action-type start-stop
group corpTo force you computer into safe mode you will need to edit the boot.ini file if you are unable to use F8 Boot-Time screen.
Append your boot.ini file with the following switches:
Mode: Safe Mode
Switch: /safeboot:minimal
Mode: Safe Mode with Networking
Switch: /safeboot:network
Mode: Safe Mode with Command Prompt
Switch: /safeboot:minimal(alternateshell)
So it will look something like the following:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP" /fastdetect /SAFEBOOT:MINIMAL
**REMEMBER**
Editining this file can be dangerous and can cause the system to be unbootable if you get something wrong.
There is no reason why the F8 command shouldnt work, Just keep tapping it as soon as the PC POSTs
To Disable Automatic Reboot on a BSOD:
1. From the desktop right click on My Computer.
2. Click the Properties option.
3. In the System Properties window click the Advanced tab.
4. In Advanced click the Settings button under Startup and Recovery.
5. In the Startup and Recovery window uncheck the Automatically restart check box.
6. Click Ok.
Hope This Helps -
Can I open directly into slideshow mode?
Is it possible once having cretaed a photo gallery to also create a seperate link to open a web page directly into Sl,odeshow mode without having to first go to the gallery page and click on click on Play Slide Icon link for the Slideshow pop up.?
It would be great to have the option of creating alink directly to the slideshow.
Hope someone can help me out please..
Davidwithout having to first go to the gallery page and click on click on Play Slide Icon link for the Slideshow pop up.?
no you can't, because the pop up slideshow window widget requires the thumbnails page to be opened first, so that the image stream loader loads in the images.
It would be great to have the option of creating alink directly to the slideshow.
but you can have slideshow directly on the thumbnails page, if you know how to work iweb javascript widgets.
Here is my example: http://www.cyclosaurus.com/iWeb2/Photo_Albums/Pages/Muse.html
javascript is linked to the example. -
Directly enter edit mode of JTable cell
Hi Everyone,
On my UI, i am showing editable JTable. When I click on table's row / cell, it selects the row. Fine.
But I want that it should directly enter edit mode of cell and the whole text is to be selected and highlighted and focussed.
Thus, user can directly type the new text.
Please suggest correct approach to handle this scenario.
Thanks in advance.
Girish Varde.Here is my attempt at solving this problem:
** For text selection you have two choices. Remove the "xxx" from either
** editCellAt() or prepareEditor() method.
** The difference is in how mouse double clicking works
** To place a cell directly into edit mode, use the changeSelection() method.
** Be aware this will generate a TableModelEvent every time you leave a cell.
** You can also use either of the above text selection methods.
import java.awt.*;
import java.util.*;
import javax.swing.*;
import javax.swing.text.*;
import javax.swing.table.*;
public class TableEditCell extends JFrame
public TableEditCell()
String[] columnNames = {"Number", "Letter"};
Object[][] data = { {"1", "A"}, {"2", "B"}, {"3", "C"} };
JTable table = new JTable(data, columnNames)
// Place cell in edit mode when it 'gains focus'
public void xxxchangeSelection(
int row, int column, boolean toggle, boolean extend)
super.changeSelection(row, column, toggle, extend);
if (editCellAt(row, column))
getEditorComponent().requestFocusInWindow();
// Select the text when the cell starts editing
// a) text will be replaced when you start typing in a cell
// b) text will be selected when you use F2 to start editing
// c) text will be selected when double clicking to start editing
public boolean xxxeditCellAt(int row, int column, EventObject e)
boolean result = super.editCellAt(row, column, e);
final Component editor = getEditorComponent();
if (editor != null && editor instanceof JTextComponent)
if (e == null)
((JTextComponent)editor).selectAll();
else
SwingUtilities.invokeLater(new Runnable()
public void run()
((JTextComponent)editor).selectAll();
return result;
// Select the text when the cell starts editing
// a) text will be replaced when you start typing in a cell
// b) text will be selected when you use F2 to start editing
// c) caret is placed at end of text when double clicking to start editing
public Component xxxprepareEditor(
TableCellEditor editor, int row, int column)
Component c = super.prepareEditor(editor, row, column);
if (c instanceof JTextComponent)
((JTextField)c).selectAll();
return c;
JScrollPane scrollPane = new JScrollPane( table );
getContentPane().add( scrollPane );
public static void main(String[] args)
TableEditCell frame = new TableEditCell();
frame.setDefaultCloseOperation( EXIT_ON_CLOSE );
frame.pack();
frame.setLocationRelativeTo( null );
frame.setVisible(true);
} -
Can't boot into safe mode or prompt login window, need help.
Hello all,
This is cross-posted from the installations and set-up list.
Can anyone suggest a remedy for what's ailing this powerbook. its a g4 powerbook, i don't have much more info other than that. all indications are that it is running 10.2.6, although i was told that it had been updated to 10.2.8, its possible that it was updated only to 10.2.6. following the update, you get to the apple and spinning pinwheel screen and it will not proceed. literally, the pinwheel will spin for 24 hours+.
it looks like it gets to the point of the startup(login) items and hangs indefinitely. ie it will
if i start in verbose mode it will, give some clues:
truncated or malformed library: /System/Libray/Frameworks/Security.frameworks/Versions/A/Security
Some starup items failed to launch due to conflicts
/usr/libexec/crashreporterd: crashdump terminated by signal 5
init: getty repeating too quickly on port /dev/console, sleeping
/usr/libexec/crashreporterd: crashdump terminated by signal 5
last message repeated 10 times
/usr/libexec/crashreporterd: crashdump terminated by signal 5
init: getty repeating too quickly on port /dev/console, sleeping
/usr/libexec/crashreporterd: crashdump terminated by signal 5
last message repeated 5 times
this will continue to be repeated and i assume a new core.## file is sent to the /cores folder, until the hard drive is maxed out.
I can boot in single user mode and everything is fine but i cannot boot into safe mode.
fsck says the disk is fine, as does disk first aid, i have also corrected permissions, and followed many of the things that have been previously posted.
It looks like ther are conflicts with some startup items, what can i move from the starup folder and is best not to be touched?
what about the truncated library message?
also can i update to 10.2.8 from the single user mode, if i cannot get into safe mode?
any suggestions?
thanks in advance-
toddI have solved this problem. I mounted the laptop in target mode and replaced this file:
/System/Library/Frameworks/Security.framework/Versions/A/Security
with the equivalent file from a machine running 10.2.8.
It booted all the way through then i upgraded to 10.2.8. -
This happens when I'm literally DOING something, like typing or moving my mouse. When I'm in no way not doing anything on my computer. Any thoughts on why?
Specs: Version 10.6.7, 2.13GHz Intel Core 2 Duo, 4 GB.This might sound silly, but I'd check your Exposé settings: System Preferences > Exposé & Spaces > Exposé
It's just possible you've set up a hot corner to put your computer into sleep mode when the mouse wanders in that direction.
Bob -
I got a Macbook Air. My system language is russian but the login password is english. I put the laptop into sleep mode, then wanted to log in again, but the language seems to have switched to russian, there's no language change button! How do I log in now?
Severia,
I tried your solution, but it did not work with my laptop. After I restart the laptop, the language does not change and I cannot type the password in English language. Do you have any other suggestion?
Thank you. -
I have reciently upgraded to ML from SL and I have to boot into safe mode then restart in order to login to the syatem I have inplugged all peripherials, removed all startup programs and uninstalled or disabled any software that was not important.
Any help would be appreciated thanks in advance.What happens if you don't boot in safe mode first?
-
Login screen comes up repeatedly, booting into safe mode by default
Good Morning,
I have an iMac (Lion 10.8) that is having a lot of trouble. I manage an Elementary School's IT fleet. At the end of last year, the computer was booting into Safe Mode by default. Once the system came up, the teacher could use it - but it took so long to boot that she chose not to. The teacher left the school, and I was planning to just format it and reimage. Here is what I have happening.
Boots into safe mode on it's own
Once it's done booting, the login screen shows up - but entering any credentials just gets a grey screen, and the login screen comes right back. Even root. Which means I can't get logged into the computer at all.
Recovery mode will not allow me to erase the drive, says failed and not able to access the drive.
Target mode will also not allow me to erase the drive, nor will it allow me to push over an image. Scanning the drive failed, busy.
Disk repair says unable to repair disk - please format.
These are the things I have tried.
Reset PRAM (three times over the course of troubleshooting)
Replaced the RAM completely
Unplugged 15 seconds trick
Accessing via Target mode - Drive is greyed out, but shows up
Ran FSCK manually, and it completed
Tried to do a netinstall, but the disk does not show up in netboot as an option.
I thought maybe the drive was bad, but considering that it will boot into safe mode eventually (although you can't login), and FSCK completed successfully - I'm just not sure! I just thought I'd pick your brains. I'm usually a Windows \ Linux Administrator, so this Apple business is new to me I'm learning! Although I find them frustrating. Any help would be greatly appreciated!
Thank youI thought maybe the drive was bad, but considering that it will boot into safe mode eventually (although you can't login),
Some part of the disk may be bad while others are good. i/o could be trying multiple times and eventually succeeding.
Ran FSCK manually, and it completed
You run FSCK in single user mode? This is very surprising. FSCK verifies the filesystem is in order. Actual data blocks could be bad. Would be a surprise if no file system blocks were not also bad.
Except for this fact, it seems like a hd problem. Intermediate problem. Heat problem, etc.
Time to try a different hd. See if that works. Could be some other hardware problem. Try external drive/flash drive, etc.
Mac OS X is BSD Unix. -
How to dump .mod directly into iMovie without having to convert to .m4v?
I cannot dump my video directly into iMovie 9 from Canon FS200. It goes to a document which I then have to laboriously convert - one clip at a time - to .m4v using Handbrake. Only then will iMovie take them. How do I bypass that conversion and get video directly into iMovie?
bombay wrote:
Yes. It can be done. But Math script can not evaluate all functions in .m files (There are some exceptions).
And those can perhaps easily be ported to LabVIEW/MathScript?
It is not sufficient to disregard running your Matlab code in LabVIEW based on a few exceptions without first thoroughly evaluating the impact they have.
If you want to stick with Matlab in your implementation, then there are other avenues than hypotethizing about the limited portability issues of using MathScript in your project?
Br,
/Roger -
Can't get my AGP G4 into Target Mode
I have a new Intel MacMini I want to use for my home computer, so I tried get my old G4 to startup in Target mode (using lower case "t" at startup) to make file backup and account setup easier.
The G4 will not go into Target mode - I've tried both restarting and powerig-up, both with "t" pressed down from the beginning. Their are the usual power-up sounds, but the monitor screen remains blank - it doesn't progress to the floating-Y Firewire icon or the normal login screen.
I read somewhere about Open Firmware Password, but I don't seem to have that on this machine.
Some info about my G4 - is it a model that supports Target Mode?
Machine Name: Power Mac G4 (AGP graphics)
Machine Model: PowerMac3,1
CPU Type: PowerPC G4 (2.8)
Number Of CPUs: 1
CPU Speed: 450 MHz
L2 Cache (per CPU): 1 MB
Memory: 1.25 GB
Bus Speed: 100 MHz
Boot ROM Version: 4.2.8f1
OS: 10.4.11
Two user accounts, both with admin privileges.
It was so great to set up my wife's Intel iMac with her account files from her old PowerPC via Target Mode. I'd love to be able to do the same with my own old PowerPC G4. Any help would be greatly appreciated!SInce my need is to transfer my accounts from the old G4 to the new Mac Mini, I will drop the hunt for getting Target Mode working on the G4 and use Migration Assistant via Ethernet:
http://support.apple.com/kb/HT3322
http://discussions.apple.com/thread.jspa?threadID=1752061
Doesn't seem to be an entirely trouble-free process:
http://www.ehmac.ca/mac-ipod-help-troubleshooting/73933-help-migration-assistant .html
http://episteme.arstechnica.com/eve/forums/a/tpc/f/8300945231/m/999006696931
I will mark my question as "Answered". -
How can i prioritize PBX over Router? (PBX and Router plug directly into Modem)
Hello everyone,
I work for a small ISP and i just got hired here a couple months ago. I've been tasked to figure out a solution to this problem. We have customers that have a network, and they also have a phone system. Both devices (router and PBX box) have a static IP address and plug directly into the modem. The issue we see is that the internal network is hogging the bandwidth and this kills the phone systems quality. What i tried was putting a 2960 in between the modem and router/PBX system. Then rate limiting the port to the internal network but it doesn't work out so well. I have it set to use 8mb/800bk. Which should dedicate 2mb/200kb for their phone system at all times. But when i do speed tests i get 2mb down and 200kb up. My download speeds are not right, yet when i do a "no mls qos" the download goes to the 8mb i have set, but then my upload doesnt work correctly. Does anyone have an idea to fix this? Or any better ideas?
no aaa new-model
system mtu routing 1500
ip domain-name XXXXX.com
mls qos
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
ip tftp source-interface Vlan1
class-map match-all RATE_LIMIT_CLASS
match access-group name RATE_LIMIT_ACL
policy-map RATE_LIMIT_POLICY
class RATE_LIMIT_CLASS
police 800000 8000 exceed-action drop
interface FastEthernet0/1
description Internal Network
speed 10
duplex full
srr-queue bandwidth limit 80
service-policy input RATE_LIMIT_POLICY
interface FastEthernet0/2
description PBX Box
ip http server
ip http secure-server
ip access-list extended RATE_LIMIT_ACL
permit ip any any
access-list 50 permit X.X.X.X 0.0.2.255
line con 0
logging synchronous
line vty 0 4
access-class 50 in
logging synchronous
login local
line vty 5 15
access-class 50 in
logging synchronous
login local
endHeres an update, even with the Router plugged into fa0/1 with the following config, it still only gets 2.5mb down. Ideas? Could it be because the ports on 10mb?
interface FastEthernet0/1
description Internal Network
speed 10
duplex full -
TACACs+ commands not dropping me into enable mode
Hi All,
I've just comfigured the following on a router running IOS 15. All my other devices are running the old tacacs commands but thought I'd try the new CLI version.
It works, e.g get prompted for username/password and authenticates against our AD Server (integrated with ACS4.2). I get into the router but into usermode.
My other devices drop me straight into Priv Mode. Only difference is the the new commands v the old commands but I can't see anything that is different in relation to putting me into Priv mode.
Any ideas?
aaa group server tacacs+ ABC_ACS
server name ABC_TAC
tacacs server ABC_TAC
address ipv4 172.27.10.10
key secretkey
aaa authentication login ACS_List group ABC_ACS line
aaa authorization exec ACS_List group ABC_ACS if-authenticated
aaa accounting exec ACS_List start-stop group ABC_ACS
aaa accounting commands 15 ACS_List start-stop group ABC_ACS
line vty 0 4
password test
authorization exec ACS_List
accounting commands 15 ACS_List
accounting exec ACS_List
login authentication ACS_List
length 0
transport input sshMake sure you defined the username with a static privilege level of 15 otherwise it will not be able to pass the enable authentication.
If ACS 5.x or higher go to the policy elements: Shell Profile and make sure you have one assigned for a static maximum privilege of 15 and most important that its applied into a access-policy rule
Maybe you are looking for
-
How just return one row of a one to many join..
So I have a one to many join where the SMOPERATOR table has data I need however it has a couple of rows that match the JOIN condition in there. I just need to return one row. I think this can be accomplished with a subquery in the join however have n
-
Section Break conflicts with Dynamic Header in RTF which loads XML data
Hi, I have dynamic header in my rtf file which loads data from XML generated by rdf file. I have section break on start group of body. but it does not display dynamic header value. If i remove section break then it display dynamic header. I have to d
-
How to get SNTP (Simple Network Time Protocol) time from any time Servers?
Hi All, I am trying to get the date and time from any internet time servers (http://tf.nist.gov/service/time-servers.html). How do I get that within the java program. ex: InetAddress address = InetAddress.getByName("time-nw.nist.gov"); then a variabl
-
SD-FI integration: Configuration need for invoice to create document
Hi gurus, invoice xxx like 91446622 under company yyyy like 1000 cannot pass through to create an accounting document becuase there is no configuration between plants 1020 and 1201 T-code VFX3 company 1000 Pls suggest me the places where i can config
-
Assistance in getting chrome google for iMac 2010
How to get google chrome from Apps Store for mac 2010?