TACACS+ users with role TACP-15 fail to access Expert mode on R77.30 Gaia OS

SUPPORT CENTER
USER CENTER / PARTNER MAP
THREAT PREVENTION RESOURCES
THREAT INTELLIGENCE
UNDER ATTACK?
- We can help. Learn more about ThreatCloud Incident Response
RISK ASSESSMENT
MY ACCOUNT
- Phone
  
  General
  United States 1-800-429-4391
  International +972-3-753-4555
  
  Support
  24x7 Technical Support
  Americas: 1-972-444-6600
  International: +972-3-6115100
  Toll Free: 1-888-361-5030
- Locations
  
  United States
  Check Point Software Technologies Inc.
  959 Skyway Road
  Suite 300
  San Carlos, CA 94070
  MAP
  
  International
  Check Point Software Technologies Ltd.
  5 Ha'Solelim Street
  Tel Aviv 67897, Israel
  MAP
- Community
  CheckMates User Community
  Support Forums
  Blog
- Chinese
- Japanese
- Russian

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk108851
Product	Security Gateway, ClusterXL, Cluster - 3rd party, VSX, Security Management, Multi-Domain Management / Provider-1
Version	R77.30
OS	Gaia
Platform / Model	All
Date Created	2016-03-07 09:06:21.0
Last Modified	2016-12-26 10:00:09.0

Symptoms

TACACS+ users with role TACP-15 fail to access Expert mode on R77.30 Gaia OS:
1. TACACS+ user connects to command line on Gaia OS.
2. TACACS+ user successfully logs in to Clish on Gaia OS.
3. TACACS+ user is not able to access Expert mode - after running "expert" command, the shell does not change:
  HostName:0> expert Enter expert password: Warning! All configuration should be done through clish You are in expert mode now. HostName:0>
/var/log/messages file shows only the following messages after running "expert" command in Gaia Clish:
clish[PID]: cmd by admin: Start executing : expert (cmd md5: ...) clish[PID]: cmd by admin: Processing : expert (cmd md5: ...)

Cause

In R77.30 Gaia OS, a change was made that requires to set the privileges for TACACS+ users.

The default privilege level is set to 96 ("set aaa tacacs-servers user-uid 96").

Solution

Note: To view this solution you need to Sign In .

THREAT INTELLIGENCE