Problems with IAS

Unanswered Question
Nov 9th, 2007

I have configured my cisco devices to authenticate administrators againts active directory using IAS. But I would like IAS to publish the appropriate privileges at logon.

"privilege exec level 7 write memory"

I would also like to centralize my access-classes the same way.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Danilo Dy Fri, 11/09/2007 - 22:05

Hi,

Have you tried this?

- Fire up IAS

- Select "Remote Access Policies"

- Right-click the policy

- Select "Properties"

- "Policy conditions:" should only show "Windows-Group matches "DOMAIN\OU""

- Select "Edit PRofile"

- Select "Advanced"

- Remove "Framed-Protocol" from the "Attributes:"

- Edit "Service-Type" from the "Attributes:" and change the "Attribute Value" to "Login"

- In the "Advanced" tab, select "Add" + "Vendor-Specific" + "Add" + "Add"

Select from list: Cisco

Check "Yes, it conforms"

- Select "Configure Attributes"

Vendor-assigned attribute number: 1

Attribute format: String

Attribute value: 7

- Save (ok, ok, ok......)

Regards,

Dandy

teller123 Sat, 11/10/2007 - 22:38

I was able to configure IAS to grant users level 7 access, but i would also like the privileges i have linked to level to be pushed from IAS as well. So when user bob logs in and is a member of a group that has level 7 access he can modify a interface but nothing else.

Actions

This Discussion