How to modify user attributes in Microsoft IAS or Active Directory??

Unanswered Question
Jul 10th, 2008

Anyone have an idea?? What I'm trying to do is to authenticate management access to an ACE 4710 against a Microsoft IAS server.

According to the document below:

it sounds like I need to be able to modify user attributes similar to what I know is doable in ACS. I base my assumption on this because of the following statement in the link above:

"Step 3 Go to the User Setup section of the Cisco Secure ACS HTML interface and double-click the name of an existing user that you want to define a user profile attribute for virtualization. The User Setup page appears.

Step 4 Under the TACACS+ Settings section of the page, configure the following settings:

•Click the Shell (exec) check box.

•Click the Custom attributes check box.

•In the text box under the Custom attributes, enter the user role and associated domain for a specific context in the following format:

shell:<contextname>=<role> <domain1> <domain2>...<domainN>"

Is something like this possible in IAS??

I have the authentication piece working for the ACE however when I login, I'm assigned an ACE defined default role of 'network-monitor' which gives me only read-only access. The way I'm interpreting what needs to be done to resolve this is to have the authentication server send an attribute value that states that the user is in the role 'Admin' in which case I'll have unlimited access to my ACE.

Make sense?? Any thoughts??

Thanks in advance.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Fri, 07/11/2008 - 05:13


It is possible via Radius and not TACACS. On the same link if you scroll down, you will see option of doing it via Radius.

"Defining Private Attributes for Virtualization Support in a RADIUS Serve"

Find attached the doc that explains about setting up user attributes on IAS.



Do rate helpful posts

lloyd_andrew Fri, 07/11/2008 - 06:56

Thanks for this document -- I think exactly what I've been looking for. I will most likely give this a shot next week and will rate the post if it was helpful.




This Discussion