ASA and ACS 5.0 Radius Group

Unanswered Question
Jul 6th, 2009

Hello,


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml


Following this note, I am trying to assign an ASA group policy through our ACS. The only difference is ACS v5.


I correctly set ACS to send the ou=group in the IETF[25] Class attribute. But debugging RADIUS on the ASA, I see the following arriving and not the ou=group:


Radius: Type = 25 (0x19) Class

Radius: Length = 22 (0x16)

Radius: Value (String) =

41 43 53 30 31 2f 33 34 31 31 36 39 35 39 2f 38 | ACS01/34116959/8

38 35 35 38 | 8558


Has someone experienced the same and found a solution?


Thanks

Regards
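
An added example, not part of the original post or any Cisco code: it rebuilds the Class attribute from the hex dump in the debug output above, checks it against the reported length of 22, and reports for every Class attribute in a buffer whether its value starts with ou=. The `ou=group` value in the second attribute is a placeholder taken from the post's wording; RFC 2865 allows several Class attributes in one Access-Accept, so the checker lists all of them.

```python
import re

CLASS = 25  # IETF RADIUS attribute type 25 (Class)

# Hex dump lines copied from the debug output in the post.
DUMP = """
41 43 53 30 31 2f 33 34 31 31 36 39 35 39 2f 38 | ACS01/34116959/8
38 35 35 38 | 8558
"""


def dump_to_bytes(dump):
    """Turn 'hex bytes | ascii' debug lines into the raw value bytes."""
    out = bytearray()
    for line in dump.splitlines():
        hex_part = line.split("|", 1)[0]
        out += bytes.fromhex("".join(hex_part.split()))
    return bytes(out)


def parse_attributes(buf):
    """Walk RADIUS TLVs: 1-byte type, 1-byte length (header included), value."""
    attrs, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header at offset %d" % i)
        atype, alen = buf[i], buf[i + 1]
        if alen < 2 or i + alen > len(buf):
            raise ValueError("bad length %d at offset %d" % (alen, i))
        attrs.append((atype, buf[i + 2:i + alen]))
        i += alen
    return attrs


def class_report(buf):
    """Return (text, has_ou_prefix) for each Class attribute in buf."""
    report = []
    for atype, value in parse_attributes(buf):
        if atype == CLASS:
            text = value.decode("ascii", "replace")
            report.append((text, bool(re.match(r"(?i)ou=[^;]+", text))))
    return report


value = dump_to_bytes(DUMP)
observed = bytes([CLASS, len(value) + 2]) + value  # TLV as seen on the ASA
# Constructed for comparison: a second Class attribute carrying a group.
expected = observed + bytes([CLASS, 2 + len(b"ou=group")]) + b"ou=group"
```
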

tprendergast Mon, 07/06/2009 - 11:22

Can you please paste the contents of the IETF 25 Class variable box from the group?


Verify the user you are authenticating is a member of that group, as well, so the attribute is returned.

ccr_cisco Tue, 07/07/2009 - 01:23

Hello,


Here is the RADIUS attribute box screenshot for the group. I can see in the ACS log that the user is in the group and that the correct authorization profile is applied.


Thanks for your help

Regards



Hi,


I have a question for you; could you help me, please?


The problem:

We have a problem authenticating a remote access VPN (ASA 5510, version 8.2.1) with ACS 5.0 (version 5.0.21); it's not working.

When I try with ACS 4.1, the authentication works fine.


Could you tell me what your ACS and ASA versions are?

Is your system working OK?




Regards.



Marco

