Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
1
Replies

Restricting Access to Group

joe.marcelo9
Level 1
Level 1

‎11-09-2009 09:41 PM - edited ‎03-10-2019 04:47 PM

Hello

I have ACS 4.0 authentication through external database Windows Active Directory. I want only support group created on ACS to have access rights to AAA client [Routers,Firewall,Switches] for telnet & SSH all members of other group should be denied.

Groups are created.

AAA members are added to ACS

but restricting to specific group not working

Labels:
0 Helpful
1 Reply 1

darpotter
Level 5
Level 5

‎11-10-2009 01:30 AM

Assuming you've confirmed that T+ authentications are actually been sent to your ACS, then it should be just a case of adding Windows group mappings:

Support -> ACS Support Group

Default -> NO ACCESS

Group mapping is applied after AD authentication, so even if correct credentials are supplied the user will be mapped to NO ACCESS (ie rejected) if they are not a member of the correct AD group.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents