
Group Lock issue, with RADIUS

arnis
Level 1

I am trying to solve what seems to be a simple issue, but !!!

Group lock works with attribute 25, but if a user is sent, for example, to the default group on the ACS or any group where option 25 is not configured (or configured to some value not available on the ASA), the group lock policy is not enforced, i.e. the user gets in fine no matter what VPN group he is in.

Is that normal behavior??

Cheers

Arni

1 Reply

b.hsu
Level 5

This is normal. It's the ASA that does the group lock and not ACS. ACS just returns the group name that the user should be in and the ASA does the checking!!

ACS only checks the username/password; if they are valid it RETURNS (does not check) the OU attribute.

Try this link:

http://www.cisco.com/warp/public/471/altigagroup.html
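An added example, not part of the original thread and not Cisco code: a small audit that models only the behavior described above and lists the ACS groups for which the ASA has nothing to check a group lock against. The group names, the sample data and the assumption that attribute 25 carries the group as `OU=<group>;` are constructed for illustration.

```python
import re

# Assumed form of the RADIUS Class (25) value returned by ACS: "OU=<group>;"
OU_RE = re.compile(r"^\s*OU=([^;]+);?\s*$", re.IGNORECASE)

# Constructed sample data: ACS group -> attribute 25 value (None = not configured)
ACS_GROUPS = {
    "Default Group": None,
    "Sales": "OU=SalesVPN;",
    "Contractors": "OU=OldContractors;",
    "Engineering": "EngVPN",
}
# Constructed sample data: groups that exist on the ASA
ASA_GROUPS = {"SalesVPN", "EngVPN"}


def parse_class_ou(class_value):
    """Return the group named in an 'OU=<group>;' value, or None."""
    if not class_value:
        return None
    match = OU_RE.match(class_value)
    return match.group(1).strip() if match else None


def audit_acs_groups(acs_groups, asa_groups):
    """Map each ACS group to a finding about whether the ASA can check it."""
    findings = {}
    for name, class_value in acs_groups.items():
        ou = parse_class_ou(class_value)
        if class_value is None or class_value.strip() == "":
            findings[name] = "UNENFORCED: attribute 25 not configured"
        elif ou is None:
            findings[name] = "UNENFORCED: attribute 25 is not in OU=<group>; form"
        elif ou not in asa_groups:
            findings[name] = f"UNENFORCED: '{ou}' is not available on the ASA"
        else:
            findings[name] = f"ok: ASA can check against '{ou}'"
    return findings


def unenforced_groups(findings):
    """Names of ACS groups whose users get in regardless of VPN group."""
    return sorted(n for n, f in findings.items() if f.startswith("UNENFORCED"))


if __name__ == "__main__":
    for group, finding in audit_acs_groups(ACS_GROUPS, ASA_GROUPS).items():
        print(f"{group:15} {finding}")
```
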