Webvpn/radius - assign to group - Concentrator3005

Answered Question
Feb 17th, 2010

Configuring a Cisco Concentrator3005 using IPSEC client on PC and authenticating via radius w/ group assignment is a breeze - plus I'm not configuring an individual user - and don't want to.

But I'm banging my head trying to configure Webvpn to authenticate via radius and assigning the user to a group!  The user always defaults itself to the Base Group.  I want to figure out a way to have the user placed into a Group.

Anyone tackle this before?

Thx.

Robert

I have this problem too.
0 votes
Correct Answer by Ivan Martinon about 6 years 11 months ago

Robert,

First, you need to make sure that the Radius server is your first authentication method configured on the VPN3000, WEBVPN reads the authentication server list from top to bottom and the first one on the list is the one to be chosen, second to assign the user to a group you need to configure the class value on your radius server, this value has to be equal to the webvpn group you need to assign the user to.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Ivan Martinon Thu, 02/18/2010 - 09:38

Robert,

First, you need to make sure that the Radius server is your first authentication method configured on the VPN3000, WEBVPN reads the authentication server list from top to bottom and the first one on the list is the one to be chosen, second to assign the user to a group you need to configure the class value on your radius server, this value has to be equal to the webvpn group you need to assign the user to.

rbrunne Thu, 02/18/2010 - 14:50

Ivan,

Thanks for the information.  It was the "Class attribute" setting on the radius server that fixed my problem.

Actions

This Discussion