Acs 5.3 - wireless conversion from 4.0

Unanswered Question
May 18th, 2012
User Badges:

Hi All


As previous posters may have noticed i have been given the task of moving the ACS

from 4.0 to 5.3 which turns out to be considerably different.

Sadly i have nothing to test with at the moment so am trying to work it out as best i can

before the abbreviated period of cutover begins.


I have a Service Desk group setting in 4.0

Under groups i have the group settings  and down the bottom i have the following -

(ticked )  Wireless-WCS HTTP


(ticked ) Custom Attributes

Then in the box -

virtual-domain0=CRUK

role0=LobbyAmbassador

task0=Configure Guest Users

task1=Lobby Ambassador User Preferences


Fine but that doesnt translate directly into any 5.3 settings.


I assume that i would do the following

In policy elements create a shell profile (Service Desk) with the following settings -

Privilege level 0

Custom attributes

Manually entered -   


attribute              requirement              Value

virtual-domain      mandatory               virtual-domain0=CRUK

role                    mandatory               role0=LobbyAmbassador

task0                 mandatory               task0=Configure Guest Users

task1                 mandatory               task1=Lobby Ambassador User Preferences


submit that and then go to  -


Access Policies/default device admin/Authorisation

Create a new Rule

Add  the correct AD group in compound condition AD-AD1   attribute ExternalGroups  value static

in NDG:Device Type -  reference the WLC (previously created as device type with ip address)

Then in Results reference the above shell profile - Service Desk.


Sorry about the longevity but if this looks ok or rubbish can someone let me know as i wont

have much time to get it working with the real wireless


Thanks in advance


Steve

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mansrini Mon, 05/21/2012 - 21:39
User Badges:
  • Cisco Employee,

Steve,


The process is correct.. However Iam pointing out the following mistakes


It should not be

virtual-domain      mandatory               virtual-domain0=CRUK


rather it should be


virtual-domain0      mandatory               CRUK


In 4.x , virtual-domain0=CRUK means virtual-domain0 is the attribute and CRUK is the value.. Pls follow the same for all the AV pairs listed above..


-Mani

Actions

This Discussion

Related Content