Not sure if this is the right forum for this or not.
I have successfully set up a switch to authenticate against an AD group for telnet login, then use an enable password shared by the three people in the group.
I'd like to set up ip http server the same way, but can't seem to get it to work. I used "ip http authentication aaa", but no dice, as I do not have a local aaa.
Any advice is greatly appreciated!
HTTP Authentication requires Level-15 privileges, so the user needs to have this by default. You can achieve this by passing a Cisco-AV-Pair from the RADIUS server to the IOS device. The Cisco-AV-Pair is sent as a string as part of the Authentication Accept; for Level-15 privilege this is:
Bear in mind that if you use the same authentication method for telnet or SSH then your users will automatically be at Level-15 privilege level.
I use this with MS IAS and have two policies defined that check for Windows Group Membership; one group has Level-15 access, the others don't.
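The switch side of the setup described in the answer above, as an added example that is not from either poster: it binds the HTTP server to its own named AAA lists so that exec authorization (where the Level-15 attribute takes effect) is applied to HTTP only, while telnet keeps login authentication plus the shared enable password. The server address, shared secret and list names are placeholders, and it assumes an IOS release that accepts named lists on `ip http authentication aaa`.

```ios
! Added example: 192.0.2.10, <shared-secret>, HTTP_AUTH and HTTP_EXEC
! are placeholders, not values from the thread.
aaa new-model
!
! RADIUS server (the IAS box that checks Windows group membership)
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! Telnet/SSH: authenticate against RADIUS only. No exec authorization
! list is applied to the vty lines, so sessions start at privilege 1
! and users still need the enable password.
aaa authentication login default group radius
!
! HTTP: separate named lists. Exec authorization is what lets the
! privilege level returned by the RADIUS server apply to the session.
aaa authentication login HTTP_AUTH group radius
aaa authorization exec HTTP_EXEC group radius
!
ip http server
ip http authentication aaa login-authentication HTTP_AUTH
ip http authentication aaa exec-authorization HTTP_EXEC
!
line vty 0 4
 login authentication default
```

`show running-config | include aaa|ip http` confirms which lists each service is bound to, and `debug radius` shows whether the Access-Accept carries the privilege attribute for a given login.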