Got it

Want to see which users have executed the commands of devices on tacacs server Highlighted

Latest reply: Dec 27, 2018 07:09:45 2982 13 12 0 0

 Issue Description

Customer want to see which users have executed the commands of devices on tacacs server

like below snapshot for Cisco device:

92e4551e1899485e970750d5a9a1234b

2cd5ff94860c4c2ea84e7ca3f954d7bc

but on huawei device cannot see the command for login users

fa889471c0c941abb80e5eeabef15543

e9229587a1754ea3b93c4d3062130baf

Handling Process

in fact, this is just configuration problem.

need configure below commands

[Huawei] aaa

[Huawei-aaa] authorization-scheme htacacs

[Huawei-aaa-author-htacacs] authorization-cmd 1 hwtacacs local        // authorize for every level user

[Huawei-aaa-author-htacacs] authorization-cmd 2 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 3 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 4 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 5 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 6 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 7 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 8 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 9 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 10 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 11 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 12 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 13 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 14 hwtacacs local

[Huawei-aaa-author-htacacs] authorization-cmd 15 hwtacacs local

#

[Huawei-aaa] recording-scheme hwtacacs        // configure accounting commands for users

[Huawei-aaa-recording-hwtacacs] recording-mode hwtacacs htacacs

[Huawei-aaa] cmd recording-scheme hwtacacs

 

 

 

  • x
  • convention:

Mark.hu
Created Oct 18, 2018 02:07:43

This post was last edited by Mark.hu at 2018-10-31 06:56. Can you add a description when analyzing, because I don't understand the solution you want to express. It would be great to be able to add comments, I hope you can understand, thank you again for sharing.
View more
  • x
  • convention:

Torrent
Created Oct 18, 2018 02:12:49

This post was last edited by Torrent at 2018-10-31 07:23. This is a good case of introducing how to to see which users have executed the commands of devices on tacacs server.can I ask a question, do you have a complete example for configure aaa authentication for cisco ISE?

At first, I want to thank you very much.
View more
  • x
  • convention:

Barret
Created Oct 18, 2018 02:34:34

This is a good case of introducing how to to see which users have executed the commands of devices on tacacs server. The steps are clearly, but I think that the authorize for every level users is too tedious. Is there a command authorize all 15 levels user, instead of authorize one by one?
View more
  • x
  • convention:

GongXiaochuan
Created Oct 18, 2018 03:49:24

This post was last edited by GongXiaochuan at 2018-10-30 05:52.

by default should be open it , customer need to record it for security reason

View more
  • x
  • convention:

faysalji
Author Created Oct 18, 2018 05:07:06

Thanks for sharing the case,Want to see which users have executed the commands of devices on tacacs server-2779959-1
View more
  • x
  • convention:

Finn92
Created Oct 18, 2018 07:50:26

This post was last edited by Finn92 at 2018-10-31 06:47.

At first, I want to thank you very much.

This is a good case of introducing how to to see which users have executed the commands of devices on tacacs server.

can I ask a question, does Radius server support it ? or only Tacacs  support ?
View more
  • x
  • convention:

SupperRobin
Created Oct 18, 2018 09:23:58

This post was last edited by SupperRobin at 2018-10-31 06:54. If the recording scheme to be configured does not exist, the recording-scheme command creates a recording scheme and displays the recording scheme view. If the recording scheme to be configured already exists, the recording-scheme command displays the recording scheme view.
Before deleting a recording scheme, ensure that the scheme has not been referenced by the cmd recording-scheme or outbound recording-scheme or system recording-scheme command.
A maximum of 32 recording schemes can be configured on the device.
View more
  • x
  • convention:

Skay
Created Oct 19, 2018 07:32:46

Thanks for your sharing , good example for tacacs authentication , because huawei document is not covered all tacacs scenes .
View more
  • x
  • convention:

yangyong
Created Oct 19, 2018 09:38:34

I just face similar issue, thanks for sharing, it resolve my issue.Want to see which users have executed the commands of devices on tacacs server-2781603-1
View more
  • x
  • convention:

12
Back to list

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.