I'm getting the error 'No rule was matched'.
The authentication itself passes; the 'Radius Identity Servers' are sending back the accept.
Tcpdump shows that the ACS is not asking the AD as defined in the compound condition.
What am I missing?
Any help would be appreciated.
Was just writing that to respond but you got there first while I was in the middle
Interesting use case using some of the more adavnced capabilities
Can you please clarify what you have selected as the result of the identity policy. If you are still using the default defined access services you will see this at the following location:
In order to use the attributes from AD in the authorization decision Active Directory must be included in the results for the identity policy. This can be done in one of two ways:
- Select the database directly
- Define and select an identity sequence that includes Active Directory