Chapter7 Se tting Up and Managing User Accounts
Advanced User Authentication Settings
7-32
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Details on configuring user options with the Advanced TACACS+ Settings are
presented in the following three procedures:
•Setting Enable Privilege Options for a User, page7-32
•Setting TACACS+ Enable Password Options for a User, page7-34
•Setting TACACS+ Outbound Password for a User, page 7-35
Setting Enable Privilege Options for a UserYou use TACACS+ Enable Control with Exec session to control administrator
access. Typically, you use it for router management control. From the following
four basic options, you can select and specify the privilege level you want a user
to have.
•Use Group Level Setting—Sets the privileges for this user as those
configured at the group level.
•No Enable Privilege—Disallows enable privileges for this user.
Note This is the default setting.
•Max Privilege for any AAA Client—Enables you to select from a list the
maximum privilege level that will apply to this user on any AAA client on
which this user is authorized.
•Define Max Privilege on a per-Network Device Group Basis—Enables you
to associate maximum privilege levels to this user in one or more NDGs.
Note For information about privilege levels, refer to your AAA client
documentation.
Tip You must configure NDGs from within Interface Configuration before you can
assign user privilege levels to them.