ASA 5540 and Radius

robertsd4006
Level 1

Here is what I am trying to accomplish using an ASA 5540/Steel-Belted Radius/Active Directory. When a user connects via SSL they are able to select a group from the drop-down list on the login page.

Unfortunately, as long as they have a valid Active Directory account they can log in to any group that is available.

Is it possible to set up Radius/Active Directory to pass a group back to the ASA based on the username? In other words, the ASA is given the group that individual belongs to by the Radius box as opposed to allowing the individual to select which group to log in under.

Hope this makes sense. Any help is appreciated. David

2 Replies

ggilbert
Cisco Employee

David,

You can assign the RADIUS server to send a group back to the ASA to which the user has to be assigned.

You can specify OU=grouppolicy; on the IETF RADIUS class. This attribute will assign the user to a policy which can be tied to a group.

Rate this post, if it helps you out.

Cheers

Gilbert

Thanks for your thoughts. That gives me a place to start. Have a good weekend. David
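
An added example, not part of the thread and not Cisco code: a Python check that parses a RADIUS Access-Accept and extracts the group policy name from a Class attribute (IETF type 25) of the form OU=grouppolicy; described in ggilbert's reply, which is useful for confirming what the RADIUS server actually returns for a user. The sample packet is constructed with a zeroed authenticator, and all function names are hypothetical.

```python
import struct

RADIUS_ACCESS_ACCEPT = 2   # RFC 2865 packet code
ATTR_USER_NAME = 1         # RFC 2865 User-Name
ATTR_CLASS = 25            # RFC 2865 Class, the attribute named in the reply


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type/length/value; length counts the 2-byte header."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def build_accept(attrs: bytes, ident: int = 1) -> bytes:
    """Constructed Access-Accept with a zeroed authenticator (sample data only)."""
    return struct.pack("!BBH", RADIUS_ACCESS_ACCEPT, ident, 20 + len(attrs)) + bytes(16) + attrs


def parse_attrs(packet: bytes):
    """Yield (type, value) per attribute, rejecting malformed or truncated lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def group_policy_from_accept(packet: bytes):
    """Return <name> from a Class value 'OU=<name>;' in an Access-Accept, else None."""
    if not packet or packet[0] != RADIUS_ACCESS_ACCEPT:
        return None
    for attr_type, value in parse_attrs(packet):
        text = value.decode("ascii", errors="replace")
        if attr_type == ATTR_CLASS and text.startswith("OU=") and text.endswith(";"):
            return text[3:-1]
    return None


# Constructed sample: the server answers for user "david" with Class = OU=grouppolicy;
SAMPLE = build_accept(encode_attr(ATTR_USER_NAME, b"david")
                      + encode_attr(ATTR_CLASS, b"OU=grouppolicy;"))
```
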