ASA 5540 and Radius

Unanswered Question
May 23rd, 2007
User Badges:

Here is what I am trying to accomplish using an ASA 5540/Steel-Belted Radius/Active Directory. When a user connects via SSL they are able to select a group from the drop-down list on the login page.

Unfortunately as long as they have a valid active directory account they can log in to any group that is available.

Is it possible to set up Radius/Active Directory to pass a group back to the ASA based on the username? In other words, the ASA is given the group that individual belongs to by the Radius box as opposed to allowing the individual to select which group to login under.

Hope this makes sense. Any help is appreciated. David

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
ggilbert Fri, 05/25/2007 - 12:24
User Badges:
  • Cisco Employee,


You can assign the RADIUS server to send a group back to the ASA to which the user has to be assigned to.

You can specify on the IETF RADIUS class OU=grouppolicy; This attribute will assign the user to a policy which can be tied to a group.

Rate this post, if it helps you out.



robertsd4006 Fri, 05/25/2007 - 12:32
User Badges:

Thanks for your thoughts. That gives me a place to start. Have a good weekend. David


This Discussion