Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
769
Views
0
Helpful
1
Replies

ACS 5.1 and MS Active Directory

bthuer
Level 1
Level 1

‎09-23-2010 01:49 AM - edited ‎03-10-2019 05:26 PM

I have an installed base of ACS 5.1 and MS AD. Some users are allowed to dial-in via VPN based on the attribute "msNPAllowDialin=True" within AD while others have no permission.

Whenever ACS send an LDAP-request to AD to retrieve the attributes it gets the value of msNPAllowDialin=false according to the following report.

Cisco-AVPairs:

Other Attributes:

ACSVersion=acs-5.1.0.44-B.2347
ConfigVersionId=66
Device Port=35919
RadiusPacketType=AccessRequest
Protocol=Radius
IdentityDn=CN=aba,OU=Standard,OU=Users,OU=LLB_LI,OU=Organisation,DC=llb,DC=root,DC=net
msNPAllowDialin=false
Device IP Address=172.27.60.20

I would like to use this attribute via authorization-policies to grant or deny access via VPN.

I'm running patch-level 5.1.0.44.3.

is this a known bug or do I miss something ?

Any support is very much appreciated

Roman

Labels:
0 Helpful
1 Reply 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents