I have an installed base of ACS 5.1 and MS AD. Some users are allowed to dial-in via VPN based on the attribute "msNPAllowDialin=True" within AD while others have no permission.
Whenever ACS send an LDAP-request to AD to retrieve the attributes it gets the value of msNPAllowDialin=false according to the following report.
Cisco-AVPairs:
Other Attributes:
ACSVersion=acs-5.1.0.44-B.2347
ConfigVersionId=66
Device Port=35919
RadiusPacketType=AccessRequest
Protocol=Radius
IdentityDn=CN=aba,OU=Standard,OU=Users,OU=LLB_LI,OU=Organisation,DC=llb,DC=root,DC=net
msNPAllowDialin=false
Device IP Address=172.27.60.20
I would like to use this attribute via authorization-policies to grant or deny access via VPN.
I'm running patch-level 5.1.0.44.3.
is this a known bug or do I miss something ?
Any support is very much appreciated
Roman