ACS 5.0 Device Administration Authorization Policy

levter
Level 1

I am configuring ACS 5.0 and have some problem which I do not understand.

I have 3 policies created to access Cisco routers and switches.

I am trying to have authentication run through the AD, then the local DB if the user is not found in AD or AD is not available.

I built 3 rules/policies for testing.

One policy configured with AD only. This one is working.

One policy with Local users only. This one is working as well.

And I am trying to have a 3rd policy which combines the first two rules.

And this one does not work.

I have access to the configured privilege level with policy 1 and 2.

And that access goes through authentication only. The access level is granted on authentication pass only (I can see it in the log).

But for the 3rd rule/policy, I can see that authentication passed (for both AD users and local users), but then it does not go through authorization.

Could you please help me out?

I must be missing something.

How do Conditions work if I have more than one condition (in my case AD authentication or Local)?

Why did I not get through the authorization stage in the first 2 rules and bump into it in the third rule?

Thank you.

1 Reply 1

jrabinow
Level 7

I am not clear on the setup. Can you please clarify:

- how many access services?

- for each access policy, what is defined in the identity policy and in the authorization policy?